deep-verify
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements an analysis pipeline that is susceptible to indirect prompt injection (Category 8).
- Ingestion points: Verification context is extracted from user conversations and workspace files during the scope resolution phase in
SKILL.md(Step 1). - Boundary markers: User-provided content and file data are interpolated into expert prompts using standard curly brace templates without explicit safety delimiters or 'ignore embedded instructions' warnings in
SKILL.md(Step 2). - Capability inventory: The skill has extensive capabilities, including file system access (Read, Write, Glob, Grep), shell execution (Bash), and the ability to spawn autonomous sub-agents via the
Tasktool. - Sanitization: No explicit sanitization or structural validation of the input content is performed prior to prompt interpolation.
- [EXTERNAL_DOWNLOADS]: The documentation and error handling logic in
SKILL.mdprovide instructions for downloading missing dependencies (associated skills) from the author's GitHub repository (github.com/mikeng-io/agent-skills). As these resources belong to the verified vendor, they are considered standard installation procedures. - [REMOTE_CODE_EXECUTION]: The skill utilizes the
Tasktool to dynamically generate and execute prompts for specialized sub-agents (e.g., Devil's Advocate, Domain Experts). This is a core architectural feature of the multi-agent framework. - [COMMAND_EXECUTION]: The skill requires
Bashtool access for environment management tasks, such as creating output directories (mkdir) and interacting with version control (git).これらの operations are scoped to necessary setup and verification tasks.
Audit Metadata