feature-interview
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted user input (feature descriptions) and synthesizes it into a markdown plan saved locally. While this does not lead to code execution within this skill, it poses a minor risk if downstream tools parse these markdown files.
- Ingestion points: User input provided in 'Phase 1' and 'Phase 2' of the process.
- Boundary markers: None; the skill interpolates user ideas directly into the final plan.
- Capability inventory: File-write operations to the
.claude/plans/directory. - Sanitization: No sanitization or escaping of user input is performed before writing to the plan file.
- Data Exposure & Exfiltration (SAFE): No network requests or access to sensitive credentials (e.g., SSH keys, API tokens) were identified.
- External Downloads & RCE (SAFE): The skill does not download external scripts or packages, and it does not utilize dynamic code execution functions like eval() or subprocess calls.
Audit Metadata