blueprint-feature-tracker-status

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill reads from docs/blueprint/feature-tracker.json. This is a project-specific metadata file and does not contain sensitive system or user credentials.
  • [COMMAND_EXECUTION]: The skill provides examples of using the Bash tool with jq to query the tracker file. These commands are localized to the project's data and do not perform administrative or dangerous system modifications.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from feature-tracker.json and displays it to the user. While this creates a surface for indirect prompt injection if the JSON file is maliciously crafted, the skill only performs read and display operations, and subsequent actions like starting a feature require user interaction via AskUserQuestion.
    • Ingestion points: Reads docs/blueprint/feature-tracker.json using the Read tool.
    • Boundary markers: None explicitly defined; data is parsed as JSON.
    • Capability inventory: Uses Read, Bash (for jq), and AskUserQuestion.
    • Sanitization: No explicit sanitization of JSON strings before display.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 21, 2026, 01:17 AM