feature-build
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several shell commands to manage the development lifecycle, including 'npm run build', 'npm run lint', 'npm run dev', and 'npm rebuild better-sqlite3'. It also performs git operations such as staging files and committing with conventional messages. These are standard operations for a development-focused agent.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it reads and acts upon the contents of 'TASKS.md' and 'CHANGELOG.md', files whose contents are not under the skill's control.
  - Ingestion points: The agent reads 'TASKS.md' during Phase 1 to identify feature scope and 'CHANGELOG.md' during Phase 6.
  - Boundary markers: The skill neither wraps the ingested file contents in delimiters nor instructs the LLM to treat text embedded in these files as data rather than as commands to follow.
  - Capability inventory: The agent can execute shell commands ('npm'), navigate and interact with a browser via MCP tools, and perform git commits, so injected instructions would have real side effects.
  - Sanitization: No sanitization or validation logic filters content from the ingested files before it influences the agent's behavior.