feature-planning
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to indirect prompt injection through the ingestion of external markdown data.
- Ingestion points:
docs/features/[feature-name]/breakdown.md(read during Phase 1). - Boundary markers: Absent. The instructions do not define delimiters or specific warnings for the agent to ignore instructions embedded in the breakdown document.
- Capability inventory: Workspace file operations (reading breakdown files and writing implementation sequences).
- Sanitization: Absent. The skill extracts raw text for task IDs, descriptions, and criteria without validation or escaping.
Audit Metadata