lf-exec
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by reading work package specification files (
wps.md) and using their content to generate implementation instructions for the agent. - Ingestion points: The skill reads
specs/<SPEC_FOLDER>/wps.mdto identify work packages and context. - Boundary markers: Absent; the execution prompt in
exec-prompt.mddoes not utilize delimiters or warnings to isolate ingested file content from the agent's instructions. - Capability inventory: The skill uses
GlobandReadtools, and the final prompt triggers code implementation tasks including file modifications. - Sanitization: No sanitization or validation of the ingested file content is performed.
- [COMMAND_EXECUTION]: The skill suggests several shell commands for Git repository management, including
git pull,git submodule update, andgit checkout. These commands are provided as text for the user to run manually to ensure the environment is prepared.
Audit Metadata