ac-feature-analyzer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION, NO_CODE, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill ingests untrusted data from a project directory (project_dir). An attacker could place malicious instructions within feature definitions or source code comments to influence the analysis results, potentially tricking the agent into executing specific build orders or prioritizing malicious 'features'.
      * Ingestion points: Reads from project_dir (scripts/feature_analyzer.py)
      * Boundary markers: Absent
      * Capability inventory: Determines critical paths and 'next_features' which drive agent implementation decisions
      * Sanitization: Absent
  • [No Code] (MEDIUM): The primary functionality is hidden in scripts/feature_analyzer.py. Without visibility into this script, its safety, file access patterns, and data handling cannot be verified.
  • [Command Execution] (MEDIUM): The quick start example imports and executes a Python class that likely performs filesystem operations and potentially executes system commands to analyze the project environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 05:17 AM