simple-run
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill implements significant safety mechanisms for automated operation, including a mandatory review sub-agent cycle, test baseline comparisons to prevent regressions, and an accumulation guardrail that pauses the loop if too many minor issues (concerns) build up.
- [COMMAND_EXECUTION]: The orchestrator performs version control operations including `git add` and `git commit` to manage the implementation lifecycle. It also implicitly runs the project's test suite to establish baselines and verify fixes.
- [DATA_EXPOSURE]: The skill reads project-specific configuration and state files (`docs/index.json`, `issues.json`, `progress-log.md`) to maintain state across iterations. This is limited to the local project environment.
- [INDIRECT_PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection as it processes untrusted task descriptions from `issues.json` to drive the behavior of implementation sub-agents.
- Ingestion points: `docs/<feature-name>/issues.json` and `docs/index.json` (SKILL.md).
- Boundary markers: Absent; the skill does not explicitly use delimiters to wrap content from the task list when spawning sub-agents.
- Capability inventory: Spawning implementation/review sub-agents, executing git commands, and running the project test suite.
- Sanitization: Absent; the orchestrator passes task data directly to sub-agents.
- Assessment: The risk is mitigated by the 'automated' mode being restricted to specific implementation sub-agents and the requirement for a separate review sub-agent and test pass before any changes are committed.
Audit Metadata