ai-dev-loop
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns such as credential exfiltration, persistence mechanisms, or unauthorized network operations were detected. All described functionality is consistent with a project-local task management system.
- [SAFE]: File system interactions are appropriately scoped to the .agents/ directory, which serves as a local data store for the workflow.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external task and PRD files.
  - Ingestion points: .agents/TASKS/ and .agents/PRDS/ directories.
  - Boundary markers: The skill utilizes structured Markdown headers and metadata keys (e.g., ID, Status, Priority) to organize data.
  - Capability inventory: Subprocess calls are limited to standard git operations (commit, branch) and updates to local Markdown files.
  - Sanitization: No explicit sanitization or escaping of file content is described before processing.
Audit Metadata