Skills
skills/laurigates/claude-plugins/blueprint-feature-tracker-sync/Gen Agent Trust Hub

blueprint-feature-tracker-sync

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection as it ingests and processes untrusted data from TODO.md to reconcile task statuses.
  • Ingestion points: Reads checkbox states and task descriptions from TODO.md (Step 3).
  • Boundary markers: None explicitly defined to separate untrusted file content from instructions.
  • Capability inventory: Uses Bash for command execution and Write for file modifications across SKILL.md.
  • Sanitization: The skill parses for specific structural markers (checkboxes) but does not validate or sanitize the surrounding text content.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 04:18 PM
Security Audit — agent-trust-hub — blueprint-feature-tracker-sync