implement-feature

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill configuration includes a SubagentStop hook that executes a local Python script to manage task transitions.
      • Evidence: The YAML frontmatter defines a hook that runs python3 "${CLAUDE_SKILL_DIR}/../../implementation-manager/scripts/task_status_hook.py".
  • [REMOTE_CODE_EXECUTION]: The skill performs dynamic loading of other skills based on the skills list provided in task metadata.
      • Evidence: The instructions include a loop that calls Skill(skill="{skill-name}") for each item found in a task's skill requirement list.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from task plans and interpolates it directly into delegation prompts for sub-agents.
      • Ingestion points: Task metadata and skill lists are retrieved from local plan files (resolved via dh_paths.plan_dir()) or GitHub backlog items via the backlog_get_ready_sam_tasks tool.
      • Boundary markers: None present; the skill treats retrieved task data as trusted instructions.
      • Capability inventory: The skill can spawn new agents (TeamCreate), load arbitrary skills (Skill), and trigger status updates via MCP tools.
      • Sanitization: No sanitization or validation is performed on the skill names or task instructions before they are passed to sub-agents.
      • Evidence: The prompt generation logic uses {comma-separated skill names} and {task_file_path} --task {task_id} directly from the task data.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 29, 2026, 08:40 AM