grace-generate
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions in Step 4 require the agent to execute type checking, linting, and module-local tests. This involves running shell commands based on the generated code and local environment, which is a standard but sensitive capability.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it relies on external data sources for its core logic:
  - Ingestion points: Data is ingested from docs/development-plan.xml and docs/knowledge-graph.xml (SKILL.md).
  - Boundary markers: There are no explicit instructions to ignore or treat content within these XML files as untrusted data.
  - Capability inventory: The agent has the ability to write to the file system (updating docs/knowledge-graph.xml) and execute system commands (verification step).
  - Sanitization: No sanitization or validation of the input from XML files is performed before using it to influence code generation or command execution.
Audit Metadata