do-in-steps
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a shell command to create a local directory (
mkdir -p .specs/reports) for storing structured verification reports. This is a benign administrative task necessary for its reporting functionality. - [DATA_EXPOSURE]: The orchestrator is explicitly instructed to pass only high-level summaries and necessary file paths to sub-agents, minimizing the risk of accidental exposure of sensitive file contents across the context window.
- [PROMPT_INJECTION]: The skill utilizes structured tags like
<task>and<context>, along with reasoning prefixes, to maintain agent focus and prevent the orchestrator from performing the implementation tasks itself. It does not contain instructions to bypass system-level safety guardrails. - [SAFE]: No obfuscation, unauthorized network operations, or hardcoded credentials were detected within the skill's instructions or processes. It relies on standard internal task-dispatching mechanisms.
Audit Metadata