epic-verifier
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a dynamic test command provided via the {test-command} placeholder. This is a mechanism for executing shell commands within the environment based on orchestrator-provided input.
- [COMMAND_EXECUTION]: The sub-agent executes several system-level commands using the git and bd CLI tools to retrieve repository state and epic metadata.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes code changes and epic descriptions that may contain malicious instructions designed to influence the verifier's report.
- Ingestion points: The agent ingests data from git diff outputs and epic details via the bd show command.
- Boundary markers: The agent's prompt uses markdown headers to structure the task, but does not implement explicit delimiters or 'ignore' instructions to isolate the analyzed code from the system instructions.
- Capability inventory: The sub-agent can execute bash commands, run test scripts, and write verification reports to the temp/ directory and the project's comment system.
- Sanitization: No explicit sanitization or input validation is performed on the code content or metadata before it is processed by the agent's LLM.
Audit Metadata