frame-development-contract
Warn
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute local bash scripts, specifically scripts/set-feature-record-lifecycle.sh, as part of its workflow.
- [COMMAND_EXECUTION]: The skill directs the agent to run a "checker command" that is dynamically defined within the config/change-contract-policy.sh file. This pattern allows for the execution of arbitrary commands based on the contents of a local configuration file.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes and acts upon untrusted data from the repository, such as policy files and feature records.
  - Ingestion points: config/change-contract-policy.sh and files within the feature_records/ directory (identified in SKILL.md).
  - Boundary markers: No delimiters or instructions to ignore embedded commands within the processed files are specified.
  - Capability inventory: Shell command execution via bash and dynamic execution of commands sourced from configuration files.
  - Sanitization: There is no evidence of sanitization, validation, or escaping of the content read from the repository files before it influences agent actions.
Audit Metadata