recipe-review
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
  - Ingestion points: Processes data from project design documents (`docs/design/*.md`) and output from `git diff` commands.
  - Boundary markers: The orchestrator does not use explicit delimiters or specific 'ignore instructions' warnings when passing external document content to sub-agents.
  - Capability inventory: The workflow can invoke a `task-executor` sub-agent that has permissions to modify local files and apply code changes.
  - Sanitization: Input content from design documents is not sanitized or filtered before being interpolated into sub-agent prompts.
- [COMMAND_EXECUTION]: Executes standard shell commands (`ls`, `grep`, `git diff`) to identify documentation and implementation files. These operations are local, restricted to the project directory, and serve the primary function of quality assurance validation.
Audit Metadata