cold-start
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes instructions for the agent to execute shell commands via the
codexCLI (e.g.,codex exec --full-auto). This enables autonomous synthesis of repository data into the Memory Bank. - [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection (Category 8) by scanning the repository's existing codebase and reading external requirement files (
prd.md). - Ingestion points: Existing codebase files and
prd.mdused for Greenfield and Brownfield workflows. - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat repo content as untrusted data during synthesis.
- Capability inventory: File system write access and shell command execution.
- Sanitization: No sanitization or validation steps are defined for the data extracted during repo scanning.
- [DYNAMIC_EXECUTION]: The skill generates proxy
SKILL.mdfiles dynamically in.claude/skills/and.agents/skills/to facilitate native command access across different agent runtimes.
Audit Metadata