assess
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/analyze_impact.pydynamically loads internal project modules usingimportlib.util. Specifically, it executesmanage_subfeatures.pyfrom a relative path within the repository to resolve features and update registry states.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes content from external planning artifacts.\n - Ingestion points: The
scripts/analyze_impact.pyscript reads text from markdown files in thedocs/features/directory (e.g.,user-stories.md,slice-planning.md).\n - Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands when the skill reads and interpolates these external text snippets into its output or metadata.\n
- Capability inventory: The skill possesses the ability to read and write files, and through its internal modules, it can update project metadata and registries.\n
- Sanitization: While the script uses regex to validate specific identifiers (IDs), it does not sanitize broader descriptive text or summaries extracted from the source documents before they are used in the impact analysis.
Audit Metadata