project-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates entirely on local project files within the
/docsdirectory. It manages development tasks by reading and updating standard documentation like PRD (Product Requirement Document) and SAD (Software Architecture Document). - [SAFE]: The execution of shell commands is limited to local directory management (
mkdir -p) and standard task tracking. No high-risk administrative commands or privilege escalation attempts were found. - [SAFE]: No external network connections, data exfiltration patterns, or unverified remote downloads are present. All references to other skills (
project-docs-setup,project-planning) are internal to the agent environment. - [SAFE]: The skill proactively includes a security and quality check phase, instructing a subagent to specifically look for vulnerabilities like SQL injection and XSS in the code it processes.
- [SAFE]: No obfuscation, hardcoded credentials, or persistence mechanisms were detected in the instructions or logic.
Audit Metadata