agents-controller
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill implements a command for executing local project code to verify implementation.
  - Evidence: The /run command launches the project and reports running results and problems.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its reliance on project-level documentation to drive orchestration logic.
  - Ingestion points: The skill reads Product-Spec.md and existing project files from the root directory to determine development context (0-1 vs iteration mode) and route instructions.
  - Boundary markers: No explicit markers or delimiters are defined to isolate the content of documentation files from the orchestrator's system instructions.
  - Capability inventory: The skill has the ability to read/write files and execute code via the /run directive.
  - Sanitization: The skill implements functional conflict detection to identify logical contradictions in requirements, but it does not provide security-focused sanitization of the processed project files.
Audit Metadata