devdocs-feature
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE [PROMPT_INJECTION] [COMMAND_EXECUTION]
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from both user-provided feature descriptions and existing project files.
  * Ingestion points: Existing documentation files (e.g., docs/devdocs/01-requirements.md) read during the initial scan (Step 0) and the user-provided feature description.
  * Boundary markers: Absent; no delimiters are used to differentiate untrusted data from system instructions.
  * Capability inventory: Access to powerful tools including Bash, Read, Write, Edit, Glob, and Grep.
  * Sanitization: No validation or sanitization mechanisms are specified for the content processed from external sources.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool for task orchestration and file management. Because it interpolates user-provided strings and file content into command-line invocations (such as when delegating to /devdocs-requirements), there is a potential risk of command injection if inputs are not strictly escaped or validated before execution.