planning-implementation
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes architecture documents to generate task lists, which introduces a surface for indirect prompt injection. Malicious content in source documents could influence the resulting implementation tasks.
  - Ingestion points: External architecture documents referenced during the planning process.
  - Boundary markers: The instructions do not mandate delimiters or safety warnings for separating source content from task instructions.
  - Capability inventory: The skill facilitates file system inventory via `dark-factory list` and generates commands for `cargo`, `bun`, and `dark-factory`.
  - Sanitization: No explicit sanitization or validation of content extracted from documents is required by the instructions.
- [DYNAMIC_EXECUTION]: The skill generates a JSON task graph containing shell commands in the `verification_steps` field (e.g., `cargo build`, `bun test`). These commands are dynamically derived from external architecture documents and are intended for execution by autonomous agents.
Audit Metadata