build-feature
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via external data sources.
- Ingestion points: The agent fetches and parses data from GitHub issue bodies (gh issue view), GitHub project items (gh project item-list), and local decision records (docs/decisions/) to define the implementation plan.
- Boundary markers: There are no explicit instructions to use delimiters or ignore embedded natural language instructions within the fetched external data.
- Capability inventory: The skill possesses significant capabilities, including executing shell commands (git, gh, pnpm), modifying project files across the entire stack, and running local test suites, which could be exploited if malicious instructions are present in the ingested plan.
- Sanitization: The skill does not implement validation or sanitization of the fetched issue content before using it to drive code generation and execution.
Audit Metadata