verification-quality
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes `npx` to download and execute the `claude-flow` package from the npm registry. While this is a standard mechanism for running developer tools, it involves runtime code execution from an external registry.
- [COMMAND_EXECUTION]: Extensive use of shell commands is documented for verification workflows, including `git` for repository rollbacks, `jq` for JSON result processing, and `curl` for metric exportation. The skill also includes a command to launch a local web dashboard for monitoring verification activities.
- [PROMPT_INJECTION]: Indirect prompt injection surface identified. The skill ingests untrusted data from agent outputs to determine quality scores and trigger automated actions.
  - Ingestion points: Processes agent task outputs and source code files during `verify check` and `truth` scoring operations as described in `SKILL.md`.
  - Boundary markers: No specific delimiters or instructions are documented to isolate the verification logic from potentially malicious instructions embedded within the data being analyzed.
  - Capability inventory: Possesses significant system capabilities, including command execution via `npx`, filesystem modifications through the `--auto-fix` feature, and repository manipulation via `rollback` commands.
  - Sanitization: Lacks documented validation or sanitization of agent outputs before they are processed by truth-scoring algorithms or used to drive automated environment changes.
- [DATA_EXFILTRATION]: Documented features include sending verification metrics to external monitoring endpoints such as DataDog and Prometheus via `curl` POST requests. While intended for observability, this establishes a pattern for outbound data transfer.
Audit Metadata