create-feature
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user data via the $ARGUMENTS variable to define feature requirements. This creates a surface for indirect prompt injection where malicious input could influence the generated code or build process.
  - Ingestion points: The $ARGUMENTS placeholder in SKILL.md receives user-provided feature descriptions.
  - Boundary markers: There are no explicit delimiters or instructions for the agent to ignore embedded commands within the user input.
  - Capability inventory: The skill has the capability to create and modify files across the project structure and execute build commands (dotnet build, nx build), as documented in SKILL.md.
  - Sanitization: No validation or sanitization of the user input is implemented.
- [COMMAND_EXECUTION]: The skill utilizes system-level commands dotnet build and nx build to verify the scaffolded code, which is consistent with its stated purpose as a development tool.