conductor-methodology
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill utilizes a methodology where the agent reads and updates local repository files within the conductor/ directory to manage project context.
  - Ingestion points: Reads from conductor/product.md, tech-stack.md, and track files.
  - Boundary markers: The framework mandates explicit user confirmation before starting implementation and at phase boundaries, which serves as an effective control.
  - Capability inventory: Standard agent tools for file system access (Read, Write, Edit) and repository management (Git).
  - Sanitization: Structured markdown plans and human verification of specs mitigate the risk of accidental obedience to instructions embedded in data.
- Remote Code Execution (SAFE): There are no patterns involving the download or execution of remote scripts or packages from external URLs.
- Data Exposure & Exfiltration (SAFE): No sensitive file paths, hardcoded credentials, or non-whitelisted network operations were identified. The skill only interacts with internal project-specific documentation.
- Privilege Escalation (SAFE): The instructions do not involve any operations requiring elevated permissions, such as sudo, or modifications to system-level configurations.
- Command Execution (SAFE): Tools like bash and git are described only in the context of standard development tasks (e.g., commits, tests) following the documented workflow.
Audit Metadata