ladder-execute

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface. The delegation template in references/delegation-context.md instructs the agent to inline content from external files directly into sub-agent prompts.
      ◦ Ingestion points: OVERVIEW.md, phase specs (.ladder/specs/*.md), and progress.md (as seen in references/delegation-context.md lines 7-10).
      ◦ Boundary markers: The template uses standard Markdown headers (e.g., ## Project Context) to delimit data, which can be spoofed or bypassed by malicious content within those files.
      ◦ Capability inventory: Sub-agents are explicitly instructed to "Verify ALL acceptance criteria by running commands and confirming output" (line 56), providing a high-impact execution path for injected instructions.
      ◦ Sanitization: No sanitization, escaping, or "ignore instructions" delimiters are specified for the inlined content.
  • COMMAND_EXECUTION (SAFE): The workflow relies on the agent executing shell commands to fulfill its primary purpose of software development and verification. While this is the intended behavior, the lack of isolation between data ingestion and command execution creates a vulnerability surface.
  • SAFE (SAFE): No hardcoded credentials, obfuscated code, or unauthorized network patterns were detected in the provided documentation and template files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 23, 2026, 08:00 AM