batch
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of local development commands such as `npm test`, `bun test`, `pytest`, and `go test` to verify changes. This is a standard and expected part of the intended refactoring workflow for a development-focused agent.
- [COMMAND_EXECUTION]: Utilizes the GitHub CLI (`gh`) to automate the creation of pull requests after pushing changes to the remote repository.
- [PROMPT_INJECTION]: As an orchestrator that processes codebase content to generate tasks for sub-agents, the skill has an inherent surface for indirect prompt injection. Malicious content within the codebase being researched could potentially attempt to influence the instructions given to parallel workers.
  - Ingestion points: The skill ingests user-provided instructions and researches the existing codebase via 'Explore' agents.
  - Boundary markers: Structural boundaries are provided through the creation of a formal plan and the use of a fixed instruction template for worker agents.
  - Capability inventory: The skill can spawn sub-agents, execute shell commands (for testing purposes), and perform git operations (commit, push, PR creation).
  - Sanitization: No explicit sanitization of codebase content is mentioned; the skill relies on the underlying agent's internal safety protocols.
Audit Metadata