building
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted content from plan files (located in `docs/plans/*.md`) which is then interpolated into subagent prompts. This creates an attack surface for indirect prompt injection, where instructions inside a plan might attempt to override the subagent's behavior.
  - Ingestion points: Plan files (`docs/plans/*.md`) and implementation artifacts (discovery/review files in `docs/building/`).
  - Boundary markers: The skill uses markdown headers like '## Phase N' and '## Inputs' to delimit external content within subagent prompts.
  - Capability inventory: The skill manages subagents that can read/write files and execute shell commands (`git`, `npm`).
  - Sanitization: The skill does not perform explicit sanitization or validation of the plan content before passing it to subagents.
- [COMMAND_EXECUTION]: The skill performs various shell operations to manage the software development lifecycle. This includes using `git` for branch management and version control, file system utilities like `ls` and `cat` for status checks, and project build tools such as `npm` for running tests, linters, and build scripts. These operations are standard for the skill's intended purpose of automated code implementation.
Audit Metadata