feature-implementation
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted user input that influences the behavior of high-capability tools and subagents.
- Ingestion points: The [feature-description] parameter in the /dev:implement command is a primary ingestion point for external content.
- Boundary markers: There are no explicit boundary markers or instructions to isolate the user-provided description from the agent's internal instructions.
- Capability inventory: The skill utilizes high-capability tools including file modification (Write, Edit, MultiEdit), subagent delegation (Task tool), and automated testing frameworks (Playwright MCP).
- Sanitization: The skill lacks specified validation, escaping, or sanitization procedures for the user-supplied implementation requirements.
Audit Metadata