plan-feature

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by ingesting untrusted data from external sources.
      • Ingestion points: The skill reads the title and body of GitHub issues using the gh issue view command in Step 1 of SKILL.md.
      • Boundary markers: There are no clear delimiters or instructions to the agent to ignore potentially malicious instructions embedded within the issue body.
      • Capability inventory: The skill possesses high-privilege capabilities including branch creation (git checkout -b), code pushing (git push), pull request creation (gh pr create), and project board modification (gh project item-edit).
      • Sanitization: The untrusted issue content is not sanitized or validated before being presented to the 'Product Council' and 'Feature Council' personas for evaluation.
  • [COMMAND_EXECUTION]: The skill utilizes multiple system-level CLI tools to perform its tasks.
      • Evidence: Uses git for repository management, gh for GitHub API interactions, and pnpm for running the Prettier formatter.
      • Context: These operations are core to the skill's functionality for planning and documenting features.
  • [COMMAND_EXECUTION]: The skill generates and executes short Python scripts at runtime to process data.
      • Evidence: In SKILL.md Steps 7 and 9, the skill uses python3 -c to parse JSON output from the GitHub CLI to extract specific metadata like item IDs.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 09:14 PM