feature-dev
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to read and process external codebase data, which acts as an untrusted input source. Because the skill can also write and modify files (Phase 5: Implementation), it creates a high-severity attack surface where malicious instructions embedded in code comments or documentation could hijack the development process.
  - Ingestion Point: Phase 2 and Phase 5 explicitly read files from the codebase to build context.
  - Capability Inventory: The skill has the authority to 'Implement' features, which involves writing or modifying the filesystem.
  - Boundary Markers: Absent. There are no instructions to the agent to treat file content as data only or to ignore embedded natural language instructions.
  - Sanitization: Absent. The skill does not describe any validation or filtering of the code it reads before using it to inform the architecture and implementation decisions.
Recommendations
- AI detected serious security threats