feature-vision
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by design, as it ingests and processes untrusted external data.
  - Ingestion points: The skill explicitly prompts the user to tag files (e.g., `@notes.md` or `@filename.md`) and incorporates their content into the generated documents. It also relies on user chat input across five discovery phases.
  - Boundary markers: Absent. There are no instructions or delimiters defined to prevent the model from obeying instructions that might be embedded within the source notes or user answers.
  - Capability inventory: The skill performs local file read operations and creates/writes three new files (`vision.md`, `future.md`, and `discussion-summary.md`) to the user's filesystem.
  - Sanitization: Absent. The skill does not implement any validation, escaping, or filtering of the content retrieved from the notes before using it to generate output.
- [DATA_EXFILTRATION]: The skill accesses a specific path in the user's home directory: `~/.local/share/dotfiles/ai/guides/feature-development-process.md`. While the skill describes this as a development guide, accessing files within hidden system directories or dotfiles represents a data exposure surface that could be exploited if the path was modified to target sensitive data.
Audit Metadata