Skills
skills/moghenry/superminds/feature-list-mind/Gen Agent Trust Hub

feature-list-mind

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute local shell commands, including running a project-provided setup script via bash init.sh and various Git operations (git add, git commit, git log, git status, git stash) to manage development state.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it reads and interprets data from project files features.json and PROGRESS.md to determine its next implementation tasks.
  • Ingestion points: features.json and PROGRESS.md files located in the project root.
  • Boundary markers: None; the agent is instructed to treat the JSON file as the 'Single Source of Truth'.
  • Capability inventory: File system writing, Git command execution, and arbitrary shell script execution via bash.
  • Sanitization: None; the skill does not specify validation or sanitization of the feature descriptions or verification steps before the agent acts upon them.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 12:07 AM