fullstack-feature
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains 'absolute compliance' rules for runtime directives (SKILL.md, Phase 6) that instruct the agent to execute instructions immediately and without exercising its own judgment ('Autonomy ends', 'Runtime workflow logic ALWAYS supersedes orchestrator judgment'). This pattern effectively serves as an instruction override that could be exploited to bypass safety protocols if a malicious directive is encountered.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its architecture:
  - Ingestion points: Untrusted data enters the context when the agent reads source code and requirements via the discover and precision_read tools (SKILL.md, Phase 1 & 4).
  - Boundary markers: There are no defined delimiters or instructions to ignore embedded commands within the processed data.
  - Capability inventory: The skill has access to precision_exec for shell command execution and precision_write for file modification (SKILL.md, Phase 2, 3, 5).
  - Sanitization: No validation or sanitization of external content is performed before it is used to drive agent actions.
- [COMMAND_EXECUTION]: The orchestration workflow relies heavily on precision_exec to run shell commands. The structural lack of validation for 'spawn' directives allows for potential arbitrary command execution if a malicious directive is injected into the workflow context.
Audit Metadata