foundry-implement
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes instructions and requirements from external specification files, which creates a surface where malicious content in those files could influence agent behavior.
- Ingestion points: Task instructions and context are read from specifications via the foundry-mcp 'task' router (SKILL.md, references/context-gathering.md).
- Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when passing specification content to the LLM or subagents.
- Capability inventory: The skill has significant authority, including modifying files, spawning subagents, and executing shell commands (SKILL.md, references/parallel-mode.md).
- Sanitization: There is no documented validation or sanitization of the specification data prior to processing.
- [REMOTE_CODE_EXECUTION]: The skill utilizes the Task tool to spawn autonomous subagents (Explore, general-purpose) for codebase investigation and implementation. These agents execute based on dynamically generated prompts containing external task data (references/subagent-patterns.md, references/parallel-mode.md).
- [COMMAND_EXECUTION]: The skill executes shell commands for Git operations (add, commit, push) and runs native project test suites (pytest, jest, npm test) to verify implementations (SKILL.md, references/autonomous-mode.md, references/verification.md).
Audit Metadata