increment-planner
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill processes user-supplied feature descriptions to generate increment files. 1. Ingestion point: User input via args or /sw:increment command. 2. Boundary markers: None used in markdown templates. 3. Capability inventory: Filesystem writes (mkdirSync), CLI calls (specweave), and dynamic execution (ts-node). 4. Sanitization: Partial sanitization for filenames only in feature-utils.js; no sanitization of content before template interpolation. Evidence: phases/02-create-increment.md.
- [Dynamic Execution] (MEDIUM): Uses npx ts-node -e to execute dynamically constructed script blocks for increment creation. This pattern is sensitive to input escaping and represents a dynamic code execution surface. Evidence: phases/02-create-increment.md.
- [Command Execution] (LOW): Executes shell commands (bash, jq, grep) and a project-specific CLI (specweave) to manage state and validate templates. Evidence: SKILL.md and phases/00-preflight.md.
Audit Metadata