autopilot

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for Indirect Prompt Injection (Category 8). It ingests untrusted data from the user's initial product idea and reads existing specification or plan files from the .omc/ directory to drive its autonomous phases.
    • Ingestion points: User input (argument-hint), .omc/specs/deep-interview-*.md, .omc/plans/ralplan-*.md, and .omc/plans/consensus-*.md.
    • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the skill when processing these external data sources.
    • Capability inventory: The skill possesses significant capabilities across its phases, including complex task execution via subagents (Ralph/Ultrawork), shell command execution for building and testing (Phase 3), and file system modification/deletion (Phase 6).
    • Sanitization: The skill lacks explicit sanitization or validation logic for the content of the specifications or plans it processes before they influence the execution phase.
  • [COMMAND_EXECUTION]: The skill is designed to autonomously run build, lint, and test suites (Phase 3). This involves executing shell commands derived from the environment or the generated project code. While this is the intended primary purpose, it constitutes the execution of code that may have been influenced by external specifications.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 19, 2026, 08:43 AM