faion-feature-executor
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill executes arbitrary shell commands for testing, building, and formatting based on instructions in the project's 'constitution.md' file via the Bash tool. While this is the intended function for a development orchestrator, it creates a vector for executing malicious commands if the project configuration is subverted.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection as it ingests untrusted project files. 1. Ingestion points: constitution.md, spec.md, design.md. 2. Boundary markers: Absent in LLM prompts; untrusted data is interpolated directly into instructions. 3. Capability inventory: Full access to high-privilege tools including Bash, Write, Edit, and Glob. 4. Sanitization: No evidence of sanitization or validation of external configuration data before use.
- [REMOTE_CODE_EXECUTION] (LOW): The skill generates and executes test code and builds at runtime based on the project's source code. This is a primary function (Category 10) but presents a theoretical risk if source patterns are designed to exploit the agent's code generation logic.
Audit Metadata