featbit-release-decision
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it integrates data from an external database into the agent's decision-making process.
  - Ingestion points: Project state data is retrieved from a database using the `get-project` command in the `project-sync` skill (referenced in `SKILL.md`).
  - Boundary markers: The instructions do not specify any delimiters or safety markers to differentiate between trusted instructions and data retrieved from the database.
  - Capability inventory: The skill has the capability to update project state, advance lifecycle stages, and route the agent to downstream skills like `reversible-exposure-control` or `evidence-analysis` based on the ingested content.
  - Sanitization: There is no logic provided to sanitize, validate, or escape the content fetched from the external database before it is used to influence agent behavior.
- [DATA_EXFILTRATION]: The skill's protocol for project synchronization involves passing an `access-token` as a prompt argument (e.g., `/featbit-release-decision <project-id> <access-token>`). While this is a functional requirement for the `project-sync` tool, it results in the sensitive token being stored in the user's prompt history. Furthermore, the skill allows the configuration of `SYNC_API_URL`, which, if modified from its default `localhost` value, could be used to route synchronization data and tokens to an external endpoint.