specify-resources

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill instructs the agent or user to execute 'chmod +x' on a set of bash scripts provided by the skill to manage the development environment. This grants execution privileges to local files within the project directory.
  • [PROMPT_INJECTION] (MEDIUM): The skill processes untrusted user input via the 'create-new-feature.sh' script's description argument (Category 8). This data is used to initialize the feature environment and AI context.
      • Ingestion point: Feature description string in the 'create-new-feature.sh' command.
      • Boundary markers: None provided in the documented instructions.
      • Capability inventory: Bash script execution, file system creation/modification (mkdir, cp), and AI agent context updates via 'update-agent-context.sh'.
      • Sanitization: No evidence of sanitization for the user-provided feature description strings.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 07:15 AM