breakdown
Warn
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The script scripts/scaffold_breakdown.py uses the importlib.util module to dynamically load and execute a Python script from a calculated relative path (../../add-subfeature/scripts/manage_subfeatures.py). This dynamic loading and execution of code from outside the skill's own directory creates a runtime dependency on external files that are executed within the agent's context.
- [COMMAND_EXECUTION]: The skill's scaffolding functionality in scripts/scaffold_breakdown.py performs file system operations, including directory creation and file writing, based on the target argument provided at the command line. This allows the skill to modify the project structure dynamically.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes repository-level artifacts that are often controlled by various contributors.
  - Ingestion points: Reads various project documents including discover.md, system-design.md, ui-design.md, and user-stories.md to drive the decomposition process.
  - Boundary markers: Absent. The skill instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when reading these files.
  - Capability inventory: The skill has the capability to write to the file system and execute dynamic Python modules through scripts/scaffold_breakdown.py.
  - Sanitization: Absent. The skill does not validate or escape the content gathered from the ingested markdown files before incorporating it into the final planning artifacts.
Audit Metadata