Skills
skills/mgiovani/cc-arsenal/implement-feature/Gen Agent Trust Hub

implement-feature

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill automatically identifies and executes shell commands for testing, linting, and building (such as npm test, pytest, or make) based on local project configuration files like package.json, Makefile, or pyproject.toml. These commands are executed during the verification phase and within an automated 'Stop' hook to enforce quality gates.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting content from local project files (e.g., CLAUDE.md) and user-provided feature descriptions, which are subsequently interpolated into subagent prompts without strict sanitization or boundary markers.
  • Ingestion points: Local project configuration files, documentation files, and user-supplied arguments.
  • Boundary markers: Absent in subagent and research prompts.
  • Capability inventory: Comprehensive Bash access for shell execution, WebFetch for network access, and task management tools for orchestrating subagents.
  • Sanitization: None present in the instruction flow.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes the WebFetch tool to conduct internet searches for software development best practices and library documentation during the research phase.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 26, 2026, 08:42 PM