implement-feature
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard Git commands (
git pull,git worktree add) and filesystem operations (cd) to manage the development environment. These commands are localized to the repository and are standard for the described workflow. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external, potentially untrusted sources (JIRA tickets and local PRD files).
- Ingestion points: Data enters the agent context via JIRA URLs or local PRD file paths specified in the
/implement-featurecommand (SKILL.md, Step 1). - Boundary markers: The instructions do not specify explicit delimiters or "ignore instructions" warnings when processing external requirements.
- Capability inventory: The agent has the capability to execute shell commands (Git), write files (
implementation_plan.md,task.md), and execute testing tools (playwright-cli,appium-mcp). - Sanitization: The risk is significantly mitigated by a mandatory "HARD STOP" in Step 1, which requires the user to review and approve the
implementation_plan.mdbefore any code implementation or tool execution begins.
Audit Metadata