ws-verifier
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it analyzes content from task definitions, project documentation, and modified source code files. (1) Ingestion points: task definitions, build_result objects, and documentation markdown files. (2) Boundary markers: Absent. No delimiters or isolation instructions are defined for processing external file content. (3) Capability inventory: Reads project documentation and source code; reads and writes session state to .ws-session/verifier.json. (4) Sanitization: None mentioned. The skill analyzes provided text directly without sanitization.
- [COMMAND_EXECUTION]: The skill performs authorized file system operations necessary for its function. It reads project documents and source code for verification and maintains its own state in a session file at .ws-session/verifier.json. These actions are consistent with the skill's primary role as a code verifier and utilize vendor-defined paths.
Audit Metadata