implement
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill is granted access to the `Bash` tool to execute implementation phases and run quality gates. This allows for the execution of arbitrary shell commands on the system. While this is aligned with the skill's primary purpose of code implementation, the risk is elevated because the commands executed are derived from external file content.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: The agent reads instructions and logic from `PLAN.md`, `TASK.md`, and `worklog/_state.json` (File: SKILL.md).
  - Boundary markers: There are no documented delimiters or instructions to ignore embedded commands within the ingested files, increasing the risk that the agent will follow malicious instructions placed there by an attacker.
  - Capability inventory: The skill has powerful tools including `Bash`, `Write`, `Edit`, and `Read` which could be abused if an injection is successful.
  - Sanitization: No sanitization or validation of the content within the project files is specified before processing.
Audit Metadata