plan-feature

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes user input during the 'Requirement Gathering' phase to generate implementation plans and PRDs. While this represents a data ingestion surface, it is a core functional requirement of the planning process.
  • Ingestion points: User input collected via the interactive Discovery Phase interview.
  • Boundary markers: None; the skill relies on the agent to distinguish between planning instructions and user-provided feature details.
  • Capability inventory: Writes documentation to docs/specs/, creates implementation_plan.md and task.md, and executes the internal /implement-feature command.
  • Sanitization: None; requirements are incorporated directly into the generated specification files.
  • [SAFE]: All operations utilize local file system paths and internal skill/command references. There are no external network calls, obfuscated contents, or remote code downloads.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 10:17 PM
Security Audit — agent-trust-hub — plan-feature