spec-first
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides a purely instructional framework for a development workflow. It does not contain executable code, scripts, or suspicious network operations.
- [COMMAND_EXECUTION]: The workflow instructs the agent to run standard, local development commands (e.g.,
npm test,npm run build) to verify implementation progress. These are contextually appropriate and initiated within the developer's project environment. - [DATA_EXPOSURE]: The skill uses a dedicated
.agents/directory to store planning artifacts (SPECS,TODOS,DECISIONS). This is a safe organizational practice that separates AI-generated metadata from the primary codebase. - [PROMPT_INJECTION]: The 'adversarial mode' mentioned in Stage E is a quality-control technique where the agent checks its own work for bugs; it does not attempt to bypass platform safety guidelines or override system instructions.
Audit Metadata