dev-workflows
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses a surface for indirect prompt injection by ingesting untrusted project data and using it to drive execution and file modifications. 1. Ingestion points: The skill reads dependency manifests, build logs, and project documentation (referenced in references/build.md and references/dx.md). 2. Boundary markers: While it defines operational boundaries, it lacks explicit markers or instructions to ignore nested prompts in ingested data. 3. Capability inventory: It utilizes Bash for command execution and Write for updating scripts and documentation. 4. Sanitization: There is no evidence of sanitization for ingested file content.
- [Command Execution] (LOW): The skill executes build and test commands via Bash and modifies developer scripts as part of the DX workflow. These capabilities are consistent with its primary purpose but represent a managed execution risk.
Audit Metadata