Skills
skills/testacode/llm-toolkit/feature-planner/Gen Agent Trust Hub

feature-planner

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to inspect the local package.json file for validation scripts such as lint, test, or typecheck and offers to execute them. This execution is scoped to the existing project scripts and is explicitly gated by a request for user confirmation.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection as it captures free-text user responses via the AskUserQuestion tool and writes them into documentation files.
  • Ingestion points: User input captured during the interview steps in SKILL.md is written to /docs/wip/<feature-name>-plan.md.
  • Boundary markers: None; the user's raw input is placed into markdown sections without delimiters or instructions to ignore embedded commands.
  • Capability inventory: The skill possesses the Bash tool for command execution and Write/Edit tools for file modification.
  • Sanitization: No sanitization, escaping, or validation of the interviewed content is performed before it is written to the filesystem.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 11:18 AM