feature-planning
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill transforms untrusted user feature requests into implementation plans for subagents with code-writing capabilities. This creates a high-risk surface where a malicious feature request could inject instructions that result in backdoors or data exfiltration being 'planned' and then 'implemented' by the agent.
- Ingestion points: User-provided feature requests and descriptions in the 'Planning Workflow' section.
- Boundary markers: Absent. The skill provides no instructions for delimiting user input or treating it as data rather than instructions.
- Capability inventory: The workflow explicitly integrates with a 'plan-implementer' subagent (capable of file modification) and 'git-pushing' (capable of persisting changes to a repository).
- Sanitization: No input validation or sanitization mechanisms are defined to protect the planning process from adversarial input.
Recommendations
- AI detected serious security threats
Audit Metadata