implement-change
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes instructions from external implementation plans and tickets which may contain malicious directives.
- Ingestion points: SKILL.md indicates the agent reads external plans and groomed tickets to drive its actions.
- Boundary markers: None identified. There are no instructions to explicitly ignore instructions or delimiters embedded within the ticket content.
- Capability inventory: The skill has the ability to read all files in the codebase, modify source code, and execute local commands for testing, linting, and type-checking (SKILL.md, Section 2 & 4).
- Sanitization: No sanitization or validation of the ticket/plan content is mentioned before processing.
- [COMMAND_EXECUTION]: The skill executes local system commands as part of its verification workflow.
- Evidence: SKILL.md explicitly requires running a "full test suite", "typecheck", and "lint" after changes are made. While intended for validation, these commands execute code in the local environment.
Audit Metadata