feature-prompt
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection (Category 8) as it processes untrusted data from the local repository and user input to generate instructions for downstream agent tasks.
- Ingestion points: The agent ingests free-form user intake text and repository-specific documentation files, including
CONTEXT.md,CONTEXT-MAP.md, and Architectural Decision Records (ADRs) found indocs/adr/*. - Boundary markers: The skill instructions do not prescribe the use of boundary markers or clear delimiters to differentiate between processed data and instructional content in the generated output.
- Capability inventory: The skill is designed to perform read-only codebase scans using
grepandripgrep(rg) and has the capability to write markdown files to thedocs/prompt/directory. - Sanitization: No sanitization or validation steps are defined to filter potentially malicious instructions embedded within the user requirements or the scanned documentation files before they are incorporated into the final generated prompt.
Audit Metadata