recipe-front-plan

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a shell command ls -la docs/design/*.md | head -10 to list design documents. While this is a standard file management operation, direct shell execution presents a potential surface for command injection if input parameters are not properly sanitized.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data which could influence agent behavior.
  • Ingestion points: The agent reads design documents and UI specifications from the docs/design/ directory.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the prompts used to invoke sub-agents.
  • Capability inventory: The skill has the ability to execute shell commands (ls) and trigger sub-agents (acceptance-test-generator, work-planner) with instructions derived from file paths and content.
  • Sanitization: There is no evidence of sanitization or validation for the content of the design documents before they are used to generate prompts for sub-agents.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 11:02 AM