recipe-fullstack-build
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands using the ! prefix to check for the existence of work plans and task files within the docs/plans/ directory. These commands are limited to directory listings (ls) and basic text filtering (grep, tail).
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it processes external data from plan files and passes instructions to sub-agents.
- Ingestion points: Reads content from docs/plans/*.md files during the decomposition and execution phases.
- Boundary markers: Implements a mandatory [SYSTEM CONSTRAINT] suffix for all sub-agent prompts to enforce operating within the build skill scope.
- Capability inventory: Includes the ability to invoke sub-agents with code execution and git commit capabilities, and performs shell-based file system checks.
- Sanitization: No specific content sanitization is described for the data ingested from plan files.
- [SAFE]: No hardcoded credentials, unauthorized network communication, or obfuscated content were found. The use of autonomous mode is a functional requirement for the skill's orchestration logic and is gated by the presence of specific task files.
Audit Metadata