1c-ai-feature-dev-workflow

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection via multiple data ingestion points.
      • Ingestion points: The workflow takes user input through the $ARGUMENTS variable in Phase 1 and reads various files from the codebase as directed by explorer agents in Phase 2 and the plan file in Phase 5.
      • Boundary markers: The instructions do not define clear delimiters or include 'ignore embedded instructions' warnings when interpolating external content into the prompts for sub-agents.
      • Capability inventory: The skill possesses the capability to create task files (e.g., .tasks/task-[feature-name]/plan.md) and modify source code via the 1c-code-writer agent.
      • Sanitization: There is no evidence of input validation, escaping, or filtering of the content retrieved from the codebase or provided in the initial arguments before it is processed by the LLM.
  • [NO_CODE]: This skill only contains instructions and descriptions, without any associated executable scripts or code files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 12:17 AM