dev-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The reference/bug-fix.md file explicitly instructs the agent to execute verification commands after applying fixes, specifically referencing npm test, pytest, go test ./..., eslint, ruff, and golangci-lint.
- [EXTERNAL_DOWNLOADS]: In reference/implementation.md, the agent is prompted to prepare the environment by installing dependency packages, which involves fetching code from external repositories like NPM or PyPI.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted user data combined with its command execution capabilities.
  - Ingestion points: The agent ingests user-provided bug reports, logs, and code snippets within reference/bug-fix.md, reference/implementation.md, and reference/review.md.
  - Boundary markers: Absent. The skill does not provide delimiters or specific instructions for the agent to distinguish between its own system instructions and potentially malicious instructions embedded in the user-provided data.
  - Capability inventory: The agent is granted the ability to modify local files and execute system commands, including package managers, linters, and test runners.
  - Sanitization: Absent. There are no mechanisms defined to validate or sanitize user input before it is utilized in file writing or subprocess execution.
Audit Metadata