gherkin-authoring

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill transforms untrusted requirement documents into executable Gherkin and C# code. This ingestion of external data, combined with Write and Edit permissions, creates a high-risk surface for indirect prompt injection.
      • Ingestion points: External requirements and feature files.
      • Boundary markers: No markers are used to isolate untrusted data.
      • Capability inventory: Access to Read, Glob, Grep, Write, and Edit tools.
      • Sanitization: No sanitization of input data is described.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill references Reqnroll and Reqnroll.NUnit NuGet packages. While these are standard tools in the BDD ecosystem, they represent external, non-trusted dependencies.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 10:57 AM