recipe-build
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes dynamic context injection (the `!command` syntax) to execute `ls` commands at load time. These commands are used to verify the state of the project's work plans and task files within the `docs/plans/` directory. The skill also performs `git commit` operations as part of its mandatory execution cycle. These commands are legitimate for a development automation tool.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests untrusted data from project documents to influence sub-agent behavior.
  - Ingestion points: Reads content from files in `docs/plans/` and `docs/design/` (SKILL.md).
  - Boundary markers: Absent when reading documentation into the orchestrator's context, though a static `[SYSTEM CONSTRAINT]` suffix is appended to delegated sub-agent prompts.
  - Capability inventory: File system listing, file modification (via sub-agents), and git repository commits.
  - Sanitization: No validation or escaping is performed on the content of the processed documents before they are interpolated into the workflow logic.
Audit Metadata