backend-service-implement
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external files such as API specs and code scaffolds which could contain indirect prompt injections. This is mitigated by a mandatory human-in-the-loop approval step before code generation.
  - Ingestion points: Artifact paths (scaffold, API contract, data model, task breakdown) provided in arguments.
  - Boundary markers: No explicit markers are used in the prompt construction to isolate untrusted content.
  - Capability inventory: The skill has permissions for file writing, configuration editing, and local command execution.
  - Sanitization: No evidence of sanitization for injection patterns within the processed artifacts.
- [COMMAND_EXECUTION]: The skill executes local vendor scripts (id-generator.sh and index-updater.sh) within the plugin's local directory to manage output folder IDs and documentation indexes. These are legitimate internal administrative operations for the plugin's state management.