autonomous-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The workflow involves executing a variety of shell commands, including git, npm, pnpm, yarn, and the GitHub CLI (gh). These commands are essential for its primary function of autonomous feature development and are well-documented within the rules.
- [EXTERNAL_DOWNLOADS]: The skill suggests installation via `npx skills add` from the author's GitHub repository (mthines/gw-tools). It also performs dependency installation via Node.js package managers during worktree setup, which is expected behavior for developer-centric agents.
- [SAFE]: The skill includes explicit safety features in rules/safety-guardrails.md, such as stopping after 20 test iterations or 50 file changes, and requiring user confirmation before proceeding with implementation. No malicious patterns such as obfuscation, credential harvesting, or unauthorized persistence were found.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes project files and user instructions to generate and test code.
  - Ingestion points: Read operations on project files (task.md, plan.md) and user-provided task descriptions.
  - Boundary markers: The skill does not currently define explicit markers or system instructions to distinguish between its own logic and external data.
  - Capability inventory: Extensive subprocess capabilities including shell access for git operations, package management, and PR creation.
  - Sanitization: No explicit sanitization of codebase data or user input is mentioned in the procedures.
Audit Metadata