implement
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [NO_CODE]: The provided skill consists entirely of a markdown file (`SKILL.md`) containing instructions, command definitions, and workflow descriptions. It does not include any executable scripts, binaries, or configuration files that perform operations on the host system.
- [PROMPT_INJECTION]: The skill is designed to take user input (`feature-description`) to guide code generation. While this represents a standard surface for indirect prompt injection, the instructions explicitly include security-focused workflows, such as 'Security persona auto-activation', 'Input validation by default', and 'OWASP compliance checks', which serve as mitigation strategies.
- [COMMAND_EXECUTION]: The documentation references related commands such as `/build` and `/test`, which imply the ability to execute environment commands. However, the skill itself does not implement these commands or provide logic to execute arbitrary shell scripts.
Audit Metadata