Skills
skills/erichowens/some_claude_skills/feature-manifest/Gen Agent Trust Hub

feature-manifest

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes local command-line tools to manage feature metadata.
  • It specifically uses npm run for commands such as feature:info, feature:validate, and feature:health.
  • These operations are standard for development workflows and are scoped to the local project environment.
  • [PROMPT_INJECTION]: The skill is subject to a surface-level risk of indirect prompt injection as it processes external YAML data.
  • Ingestion points: The agent reads feature manifest files (.yaml) using commands like npm run feature:info.
  • Boundary markers: The instructions do not define specific delimiters or instructions to ignore content within the manifests.
  • Capability inventory: The skill possesses Bash, Write, and Edit permissions, which are necessary for its documented functionality.
  • Sanitization: There is no mention of sanitizing or validating the text content within the manifest files before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 7, 2026, 03:12 PM