blueprint
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is configured to execute a local shell command to open generated documentation files if the 'auto_preview' configuration flag is enabled by the user.
- [PROMPT_INJECTION]: The skill processes untrusted user input provided via arguments as feature descriptions. These descriptions are interpolated into prompts used by downstream planning and research agents, creating a surface for indirect prompt injection.
- Ingestion points: User-provided arguments are captured in the 'feature_description' block within SKILL.md.
- Boundary markers: Present (the skill uses XML-style tags to delimit the input).
- Capability inventory: The skill can write files to the 'docs/plans/' directory, append content to 'AGENTS.md', execute shell commands (via 'open'), and invoke multiple specialized agent skills.
- Sanitization: No explicit content filtering or sanitization is performed on the user input before it is passed to other components.
Audit Metadata