wf2-spec
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill performs legitimate project management tasks by reading local kickoff files and generating documentation based on templates. No data exfiltration or external network requests were found.
- [COMMAND_EXECUTION]: The skill instructions involve executing local file search commands (glob, grep) and version control commands (git commit). These are standard operations for a software development assistant and align with the skill's stated purpose.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from the repository. Ingestion points: Reads 01_KICKOFF.md and codebase files via glob and grep. Boundary markers: No explicit delimiters are used to separate ingested content from instructions. Capability inventory: The skill can read/write files and perform git commits. Sanitization: No content validation or sanitization is performed on ingested data.
Audit Metadata