recipe-front-build
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses dynamic context injection (!command) to execute ls commands to verify the existence of files in the docs/plans/ directory. These are benign operations used to inform the orchestrator of the project's current state.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection due to its automated processing of local files.
  - Ingestion points: The skill reads data from work plans and task files located in docs/plans/ and docs/plans/tasks/.
  - Boundary markers: The ingested file content is interpolated into sub-agent prompts without robust delimiters or isolation layers to distinguish data from instructions.
  - Capability inventory: The skill can invoke sub-agents with the Agent tool, execute directory checks via shell, and perform git commit actions.
  - Sanitization: There is no evidence of input validation or sanitization of the content read from the markdown files before it is processed or passed to sub-agents.