ws-dev
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes task definitions, iteration findings, and project documentation as instructions, creating a surface for indirect prompt injection. 1. Ingestion points: Input JSON and documentation files in the documentation/ directory. 2. Boundary markers: Absent; no instructions are provided to ignore embedded directives in external files. 3. Capability inventory: The skill can read, create, and modify project files. 4. Sanitization: No sanitization is performed on ingested content.
- [COMMAND_EXECUTION]: The skill performs git operations, specifically 'git checkout [task_branch]', using values provided in the task definition. Unvalidated input in the task_branch field could lead to command injection if not properly handled by the execution environment.
Audit Metadata