gherkin
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands (e.g., `mkdir -p`) to establish the required `bdd/` directory structure. This is a standard and expected behavior for a scaffolding utility.
- [PROMPT_INJECTION]: The skill includes an indirect prompt injection surface as it ingests untrusted data from project files such as `prd/changelog.md`, `prd/specs/`, and various `README.md` files to synthesize context for scenario generation.
  - Ingestion points: `prd/changelog.md`, `prd/specs/*.md`, `**/README.md`, and source code files.
  - Boundary markers: The skill does not explicitly use delimiters or 'ignore' instructions when processing this content.
  - Capability inventory: The skill can write and append to files (feature files, step definitions, and index files) and create directories.
  - Sanitization: No specific sanitization or filtering of the extracted text is performed before it is used to drive the generation logic.
- [EXTERNAL_DOWNLOADS]: The skill templates reference standard, well-known libraries such as `github.com/cucumber/godog` and `@cucumber/cucumber`. These are legitimate dependencies for BDD frameworks and do not pose a security risk in this context.
Audit Metadata