feature-review
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by ingesting untrusted data from the project's code and documentation to generate outputs. * Ingestion points: Data is read from files and Git history based on the
scan_pathssetting inmodules/configuration.md(defaulting tosrc/,commands/,skills/, andagents/). * Boundary markers: No explicit delimiters are documented to separate scanned content from the agent's internal instructions or to prevent the agent from following instructions found in the codebase. * Capability inventory: The skill uses theghCLI for issue creation and can write to local files (backlog). * Sanitization: Theissue_templateinmodules/configuration.mdinterpolates variables like{{ description }}and{{ tradeoffs_summary }}directly into prompts without evidence of escaping, validation, or sanitization. - [COMMAND_EXECUTION]: The skill documentation instructs users to run
make test-feature-review, which executes shell commands defined in a local Makefile for logic verification.
Audit Metadata