verification-before-completion
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from project specification files and test command outputs, creating a surface for indirect prompt injection.
- Ingestion points: Data is read from files in the
specs/directory and from the output of test runners likenpm testorpytest(as described in the verification process). - Boundary markers: The instructions do not define clear delimiters or include warnings to ignore instructions embedded within the ingested data.
- Capability inventory: The skill utilizes shell command execution (test runners), file reading (
cat), and file writing (touch). - Sanitization: There is no evidence of sanitization or validation of the ingested content before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill requires the agent to execute various shell commands, including test runners and file system utilities (
fd,cat,touch). These commands are necessary for the skill's primary function of verifying implementation quality but represent a capability to run code defined within the project repository.
Audit Metadata