backend
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted feature specifications and git history which could contain malicious instructions. Ingestion points: features/INDEX.md, [feature-spec-path], and git log. Boundary markers: Absent; no instructions are provided to the model to ignore instructions embedded in the specs. Capability inventory: File system read/write, git commands, and build script execution (npm run build). Sanitization: Absent.
- [Command Execution] (SAFE): Employs standard development commands (git, ls, npm run build) required for the agent's defined role.
Audit Metadata