implement-feature
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing untrusted user input to guide its operations.
  - Ingestion points: Phase 1 processes user-provided feature requirements or stories.
  - Boundary markers: Absent; there are no instructions to the agent to treat input data as non-executable or to ignore embedded instructions.
  - Capability inventory: The agent is tasked with writing code to the filesystem, executing build/test/runtime skills (subprocess calls), and performing browser automation via the Playwright MCP.
  - Sanitization: Absent; the skill does not define validation or filtering logic for the input requirements.
- [REMOTE_CODE_EXECUTION]: The skill's primary function involves a cycle of dynamic code generation and execution.
  - Evidence: The agent generates code based on requirements, which is then compiled and run during the 'Build Validation', 'Test Validation', and 'Runtime Validation' phases.
- [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands to manage the application lifecycle.
  - Evidence: Phase 5 explicitly instructs the agent to run the 'aspire run' command.
Audit Metadata