verification-before-completion

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Behavioral Constraints (SAFE): The skill uses strong imperative language ("The Iron Law", "Non-negotiable") and directive formatting to ensure the agent follows a strict verification process. While this mirrors some prompt injection techniques used to override behavior, the content is entirely aligned with operational safety and task integrity (preventing hallucinations of success).
  • Indirect Prompt Injection (LOW): The skill creates an attack surface by mandating the agent read full command outputs (Step 3: READ). Malicious content within logs or test results could potentially attempt to influence the agent's next steps.
      • Ingestion points: Command outputs from tests, linters, and build tools (SKILL.md, The Gate Function).
      • Boundary markers: Absent; the agent is told to read the 'full output'.
      • Capability inventory: The agent is authorized to perform commits, create PRs, and report success/failure status.
      • Sanitization: Absent; no escaping or filtering of command output is defined.
  • Data Exposure & Exfiltration (SAFE): No access to sensitive file paths, hardcoded credentials, or non-whitelisted network domains was identified.
  • Unverifiable Dependencies (SAFE): The skill does not define or install any external packages or remote scripts.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:42 PM