add-subfeature
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The function
discover_installed_skillsinlib/workflow_state/parity.pyexecutes the commandnpx skills ls -g --jsonto identify installed skills and their file paths for parity verification. - [EXTERNAL_DOWNLOADS]: The use of
npxto execute theskillsutility may result in the download of the package from the official npm registry if it is not cached in the local environment. - [REMOTE_CODE_EXECUTION]: The skill employs
importlib.utilinlib/workflow_state/inventory.pyandscripts/manage_subfeatures.pyto dynamically load and execute local Python modules from computed file paths, facilitating integration between planning and execution components. - [PROMPT_INJECTION]: The skill processes untrusted data from project Markdown files and JSON metadata, presenting an indirect prompt injection surface.
- Ingestion points: Content is read from Markdown tables in
slice-traceability.mdand structured fields in.subfeature-meta.jsonandregistry.json. - Boundary markers: Absent. The skill parses these files directly into internal workflow models without specific delimiters to ignore embedded instructions.
- Capability inventory: Includes the ability to create directories, write metadata and documentation files, and execute local shell commands.
- Sanitization: The skill validates subfeature IDs against a regex pattern and restricts status transitions to a predefined whitelist of valid states.
Audit Metadata