scope-check
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs shell commands (including grep, find, and wc) by inserting keywords extracted from user-provided specifications into command templates. There is a potential risk of command injection if the agent fails to sanitize these keywords, allowing shell metacharacters to alter the intended command execution.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from feature specifications and tickets. Maliciously crafted documents could contain instructions designed to bias the analysis or bypass the skill's logic.
  - Ingestion points: Processes external PRDs, specs, and tickets through the Read tool.
  - Boundary markers: No specific delimiters or 'ignore' instructions are used when processing external document content.
  - Capability inventory: Includes file system search and local file writing capabilities (mkdir, echo, redirection) via Bash.
  - Sanitization: The skill lacks explicit instructions for the agent to sanitize or escape data before including it in bash commands.
Audit Metadata