plan-feature

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill implements an 'Interview' phase that ingests untrusted user input, which is subsequently used to generate a PRD, Implementation Plan, and Task List. This creates a surface for indirect prompt injection, where malicious input could influence the content of generated files or the behavior of the downstream /implement-feature command.
    • Ingestion points: User input collected during the 'Requirement Gathering (Interview)' step (Step 1) in SKILL.md.
    • Boundary markers: Absent; the instructions do not define delimiters or specific warnings to ignore instructions embedded within the user-provided requirements during PRD generation.
    • Capability inventory: The skill performs file writes to the local workspace (docs/specs/, implementation_plan.md, task.md) and executes the /implement-feature command.
    • Sanitization: No sanitization, escaping, or validation of the gathered user requirements is described before they are interpolated into the workflow.
  • [NO_CODE]: The skill consists exclusively of markdown instructions and metadata. It does not include any standalone scripts, binaries, or configuration files that execute logic outside of the agent's prompt context.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 12:06 AM