approve-prototype
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests data from external iteration artifacts to update project documentation.
  - Ingestion points: The skill reads .agents/flow/it_{iteration}_PRD.json, .agents/flow/it_{iteration}_refactor-report.md, and .agents/flow/it_{iteration}_progress.json (SKILL.md).
  - Boundary markers: Absent; there are no specific instructions or delimiters provided to the agent to distinguish data from instructions within these files.
  - Capability inventory: The skill is capable of reading and writing to sensitive project documentation and configuration files including .agents/PROJECT_CONTEXT.md, ROADMAP.md, AGENTS.md, and README.md (SKILL.md).
  - Sanitization: Absent; the content from iteration artifacts is processed without explicit sanitization or validation.
- [COMMAND_EXECUTION]: The skill performs automated file system operations, specifically reading project state and writing updates to core documentation files. This behavior is mitigated by a mandatory human-in-the-loop requirement where the user must approve a summary of changes before any files are modified.
Audit Metadata