foundry-spec
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute arbitrary shell commands as part of the implementation verification process. Specifically, 'verify' nodes with the 'run-tests' type are intended to run test suites directly via Bash, allowing for the execution of commands like 'pytest' or 'npm test' (documented in references/task-hierarchy.md and references/modification-operations.md).
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core function of analyzing external codebase content.
  - Ingestion points: The skill uses tools such as Grep, Read, and LSP-based analysis to ingest content from the project's files (SKILL.md, references/codebase-analysis.md).
  - Boundary markers: No explicit delimiters or instructions to treat codebase content as data rather than instructions are provided in the prompts.
  - Capability inventory: The agent can write/modify files and execute shell commands (references/task-hierarchy.md).
  - Sanitization: The skill lacks documented sanitization or validation of the data extracted from the codebase before it is passed to AI models for planning or review tasks.
Audit Metadata