creation-feasibility-gate
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill evaluates external file content from the local filesystem to determine feasibility, creating an indirect prompt injection surface.
- Ingestion points: Data enters the context via
Read,Glob, andGreptools targeting files in the project workspace. - Boundary markers: The
SKILL.mdincludes 'Iron Laws' that define the agent's logic and output format, but there is a lack of explicit delimiters or instructions to ignore commands embedded within the ingested data. - Capability inventory: The skill possesses the ability to read files and call other skills (via the
Skilltool), though it is explicitly restricted from performing artifact creation itself. - Sanitization: There is no evidence of content sanitization or instruction filtering for the data read from the filesystem.
- [COMMAND_EXECUTION]: The skill package includes local Node.js scripts (
scripts/main.cjs,hooks/pre-execute.cjs, andhooks/post-execute.cjs). These scripts are used for basic lifecycle management and argument parsing. They utilize standard built-in modules likefsandpathand do not contain patterns for unsafe command execution, subprocess spawning from user input, or dynamic code evaluation.
Audit Metadata