feature-dev
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the local codebase environment without explicit sanitization or boundary markers.
- Ingestion points: Phase 2 (Codebase Exploration) and Phase 5 (Implementation) specify reading files identified by agents or relevant to the feature.
- Boundary markers: The skill instructions do not define specific delimiters or instructions to ignore embedded prompts within the files being read.
- Capability inventory: The skill has high-impact capabilities, including the ability to write code in Phase 5 and execute the full test suite via a 'test-runner' agent in Phase 6.
- Sanitization: There is no evidence of content sanitization or validation of the data retrieved from the codebase before it is analyzed by the agent.
Audit Metadata