implement-feature
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's logic is designed to facilitate local development workflows by reading project-specific requirements and coordinating sub-agents. It does not perform unexpected network operations or access sensitive system credentials.- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection (Category 8) due to its core design of processing external specification files to drive agent actions.
- Ingestion points: The skill reads content from the
specs/{feature}/directory, includingREADME.md,requirements.md, and various task files. - Boundary markers: Input from these files is interpolated directly into prompts for sub-agents (e.g., using placeholders like
{requirements}and{task_content}) without explicit boundary delimiters or instructions to ignore embedded commands. - Capability inventory: The skill has the ability to spawn powerful sub-agents (coder and reviewer) and execute shell commands for linting, typechecking, and git version control.
- Sanitization: There is no mention of sanitizing or validating the content of the specification files before they are passed to the sub-agents.
- Mitigation: The risk is significantly reduced by the mandatory 'Code Review Gate' (Step 6) and 'Fix Loop' (Step 7), which utilize a separate agent to verify the integrity and safety of the implementation before any changes are committed.
Audit Metadata