Skills
skills/devarfeen/agent-skills-kit/feature-discovery/Gen Agent Trust Hub

feature-discovery

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes common CLI utilities like rg, find, git, and gh to perform discovery and trace features across projects. These tools are used in a read-only manner consistent with auditing and information-gathering tasks.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from repository source code and GitHub issue comments. However, the risk is mitigated by the skill's explicit 'read-only' rules and prohibitions against destructive commands or code execution.
  • Ingestion points: Codebase files, documentation, and GitHub issue content retrieved via the gh tool.
  • Boundary markers: None explicitly defined.
  • Capability inventory: Limited to read-only CLI search and discovery tools.
  • Sanitization: No specific data validation or escaping processes are described.
  • [SAFE]: The skill is strictly limited to non-destructive analysis and includes specific rules forbidding file edits, package installations, or destructive git operations like fetch or pull during the discovery process.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 06:22 PM