architecture
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8).
  - Ingestion points: Reads user-provided feature specifications from `/features/PROJ-X.md` and `features/INDEX.md`.
  - Boundary markers: Absent. The skill does not use delimiters or instructions to ignore potential commands embedded within the feature specs.
  - Capability inventory: The skill has access to `Bash`, `Write`, `Edit`, and `Grep` tools.
  - Sanitization: Absent. There is no logic to sanitize or validate the content of the feature specs before processing.
- [COMMAND_EXECUTION] (SAFE): The `Bash` tool is used strictly for discovery via `git ls-files` to identify existing components and APIs. This is an appropriate and safe use of the tool for providing project context.
Audit Metadata