go
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using the Bash tool to perform git operations (branch creation, adding, committing, pushing), format documentation with `prettier`, and execute local Python validation scripts via `uv run`. These operations are used to automate the development lifecycle phases described in the instructions.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by reading and parsing untrusted data from ephemeral global plan files.
  1. Ingestion points: The skill reads tasks and context from files located at `~/.claude/plans/*.md` and `/docs/design/*/spec.md`.
  2. Boundary markers: The instructions lack explicit delimiters or guidance to the agent to disregard instructions that might be embedded within the ingested plan files.
  3. Capability inventory: The skill has extensive capabilities, including writing/editing files, executing git commands, and invoking other automated task sequences.
  4. Sanitization: No sanitization or structural validation is performed on the content of the plan files before they are utilized to derive slugs or map implementation tasks into the workflow phases.
Audit Metadata