feature-radar-ref
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by ingesting untrusted data from external sources.
- Ingestion points: The skill explicitly instructs the agent to fetch content from user-provided URLs and GitHub issues/PRs to gather context for recorded observations (SKILL.md).
- Boundary markers: The workflow does not include instructions to use delimiters or ignore embedded commands within the retrieved external content.
- Capability inventory: The agent has permissions to create new markdown files and append to existing ones in the
.feature-radar/references/directory, as well as update thebase.mdtracking file (SKILL.md). - Sanitization: No sanitization, validation, or filtering of the fetched external content is described before it is processed or stored.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to retrieve content from external domains.
- Details: The workflow involves fetching content from GitHub (a well-known service) and arbitrary URLs provided by the user, which may point to untrusted or malicious sources (SKILL.md).
Audit Metadata