dev-status
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through the analysis of project-controlled files.
  - Ingestion points: The feature-batch-scanner agent reads content from files such as 00-master-plan.md and checkpoint.md within the .dev/ folder.
  - Boundary markers: No explicit delimiters or 'ignore' instructions are provided to the subagent when processing these files.
  - Capability inventory: The agent has permissions for Bash execution, including file deletion (rm) and movement (mv).
  - Sanitization: While validate.sh prevents directory traversal, there is no sanitization of the data ingested from the PRD files.
- [COMMAND_EXECUTION]: The skill executes local shell scripts and standard utilities for file management.
  - Evidence: Scripts discover.sh and validate.sh are called to identify the project root and verify feature paths.
  - Scope: File operations (mkdir, mv, rm) are restricted to the project's .dev/ and .dev-archive/ directories.
Audit Metadata