cs-feat-design
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local shell commands such as `grep` and project-specific Python utilities (`validate-yaml.py`, `search-yaml.py`) to search through project history and validate the structure of generated configuration files. These commands are integral to the skill's function and operate on local project data.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing external feature intent and roadmap files during the design drafting phase.
  - Ingestion points: The agent reads and processes data from `{slug}-intent.md`, `{roadmap-slug}-roadmap.md`, and `{roadmap-slug}-items.yaml` to populate design documents.
  - Boundary markers: No specific markers or delimiters are used to differentiate untrusted external content from the skill's internal instructions.
  - Capability inventory: The skill has permissions to write files to the local filesystem and execute internal project scripts for validation and search.
  - Sanitization: The skill employs `validate-yaml.py` to check the integrity of the resulting YAML checklists, though it does not explicitly sanitize the textual inputs from intent files.
Audit Metadata