blueprint-feature-tracker-sync

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute system commands such as jq for JSON manipulation, sha256sum for file integrity checks, and mv/test for filesystem management. These operations are restricted to the local project environment.
  • [SAFE]: No evidence of data exfiltration, remote code execution, or credential harvesting was found. The skill does not use network-enabled tools and focuses exclusively on local project metadata management.
  • [SAFE]: The skill processes project-controlled data (TODO.md and feature-tracker.json). While this represents a potential surface for indirect prompt injection, the risk is mitigated by the skill's prescriptive logic and the use of the AskUserQuestion tool for manual discrepancy resolution.
    • Ingestion points: TODO.md, docs/blueprint/feature-tracker.json
    • Boundary markers: Absent
    • Capability inventory: Read, Write, Bash (jq, mv, sha256sum)
    • Sanitization: Absent
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 21, 2026, 01:17 AM