implementation-verification
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Prompt Injection] (LOW): Potential for indirect prompt injection due to the ingestion of untrusted specification data. 1. Ingestion points: Documentation files located in the docs/specs/ directory. 2. Boundary markers: Absent; the skill does not instruct the agent to ignore instructions embedded within the specification documents. 3. Capability inventory: Use of the Task tool for shell execution and Read, Grep, and Glob tools for file system interaction. 4. Sanitization: Absent; content from specifications is analyzed directly without escaping or filtering.
- [Command Execution] (SAFE): The skill references standard development lifecycle commands such as npm run build and npm test. These commands are executed locally to verify code correctness and are consistent with the primary purpose of a verification skill. No obfuscated or remote execution patterns were detected.
Audit Metadata