Skills
skills/laurigates/claude-plugins/feature-tracking/Gen Agent Trust Hub

feature-tracking

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to run jq for extracting statistics and filtering feature data from docs/blueprint/feature-tracker.json. It also suggests the use of ajv-cli for JSON schema validation. These commands are standard for the skill's data management tasks.
  • [DATA_EXFILTRATION]: The skill operates entirely on local project assets, including REQUIREMENTS.md, TODO.md, and the feature tracker JSON. There is no evidence of network activity or attempts to send data externally.
  • [PROMPT_INJECTION]: The skill reads and processes content from project documents like REQUIREMENTS.md and TODO.md to update the feature tracker. This category identifies a vulnerability to indirect prompt injection. Ingestion points: REQUIREMENTS.md, TODO.md, feature-tracker.json. Boundary markers: None identified. Capability inventory: File read/write/edit via Read, Write, Edit, and Bash (jq, ajv). Sanitization: None identified.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 01:17 AM
Security Audit — agent-trust-hub — feature-tracking