create-feature-flag-plan
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were identified during the analysis. The skill's behavior is consistent with its primary purpose of documentation management.
- [PROMPT_INJECTION]: Evaluated the skill for indirect prompt injection vulnerability surfaces. The skill ingests content from engineering and product documents located in .chalk/docs/ to generate its output. While explicit boundary markers and sanitization steps are absent in the workflow, the risk is determined to be negligible. This is because the skill lacks the capabilities required to execute commands, make network requests, or access sensitive system data (e.g., credentials). The primary operation is the generation of static markdown files.
  - Ingestion points: Reads files from .chalk/docs/engineering/ and .chalk/docs/product/ (SKILL.md).
  - Boundary markers: Not explicitly defined for the ingested context.
  - Capability inventory: Tools are limited to Read, Glob, Grep, and Write.
  - Sanitization: No content filtering is applied, but the output context is restricted to markdown documentation.
Audit Metadata