bdd-feature-generator
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is restricted to generating .feature files in the /test/integration/features/ directory, which is standard for project-specific BDD integration tests.
- [SAFE]: While the skill mentions AWS secrets and authentication headers, these are used as placeholders in BDD Given steps (e.g., 'And the header contains the key Authorization with Bearer token') to demonstrate mocking functionality, not for accessing real system credentials.
- [SAFE]: Strict constraints are in place to ensure the agent only uses existing step definitions and follows established patterns, preventing the generation of arbitrary or malicious executable test logic.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection (Category 8) because it uses user-provided data (feature names, endpoint paths, field structures) to generate file content.
  - Ingestion points: Feature requirements gathered in Step 1 of the SKILL.md workflow.
  - Boundary markers: Absent.
  - Capability inventory: File-writing to the specified integration test directory.
  - Sanitization: No explicit validation or escaping of user input is mentioned.