recipe-front-build
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and processing external plan and task files to drive autonomous sub-agents. It explicitly instructs the agent to enter autonomous mode without step-by-step confirmation if task files exist.
  * Ingestion points: Markdown files located in docs/plans/ and docs/plans/tasks/.
  * Boundary markers: Absent. The skill appends a [SYSTEM CONSTRAINT] suffix to prompts but does not use delimiters to isolate ingested file content.
  * Capability inventory: The skill can execute shell commands via Bash and invoke other specialized sub-agents.
  * Sanitization: No evidence of validation or filtering for the content of processed files before they are passed to sub-agents.
- [COMMAND_EXECUTION]: The skill utilizes a Bash tool to perform directory listings and Git commits as part of its orchestration logic.
  * Evidence: Uses ls -la to verify file existence and git commit to save implementation changes.