feature-plan
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from processed technical documents.
  - Ingestion points: The skill reads content from `vision.md`, `requirements.md`, and `spec.md` in the project directory, as well as a guide file located in the user's home directory (~/.local/share/dotfiles/ai/guides/feature-development-process.md). These documents are external to the skill and potentially attacker-controlled.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard or escape instructions found within the ingested markdown files.
  - Capability inventory: The agent is instructed to generate, write, and update several files, including `plan.md`, `plan-backend.md`, `plan-frontend.md`, and `discussion-summary.md` based on the contents of the input documents.
  - Sanitization: The skill lacks mechanisms to sanitize, validate, or filter the content of ingested files before they influence the agent's logic and the resulting output files.
Audit Metadata