srp-dev
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses extremely aggressive and authoritative language ("CRITICAL WARNING", "VIOLATION IS NOT ACCEPTABLE", "FAILED") to force the agent into a specific behavior pattern. This technique is often used in jailbreaks to attempt to override safety filters or previous instructions by creating a high-pressure instruction context.
- [COMMAND_EXECUTION]: The workflow constructs shell commands using unvalidated user input. Steps 2, 3, 6, and 8 interpolate the user's feature description directly into gh and git command strings, which could lead to command injection if the input contains shell metacharacters.
- [COMMAND_EXECUTION]: Step 5 involves running tests (npm test, pytest, go test), which execute code within the current environment. While standard for development, this represents a capability for arbitrary code execution.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: User-provided feature description (Step 1).
  - Boundary markers: Absent; the user input is directly requested and then used in subsequent steps.
  - Capability inventory: Subprocess execution of git, gh (GitHub CLI), go, pytest, and npm commands.
  - Sanitization: Absent; there is no instruction to sanitize or escape the user-provided description before it is used in shell commands or committed to the repository.
Audit Metadata