feature-design
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `bash` tool to execute a series of local Python scripts (`feature-state.py`, `adr-query.py`, `learning-db.py`) located in the agent's home directory (`~/.claude/scripts/`). These scripts are responsible for initializing feature states, reading hierarchical context, and registering architectural decisions. This behavior is consistent with the skill's intended purpose for internal workflow management.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by interpolating user-provided feature names and descriptions into shell command arguments.
  - Ingestion points: User-provided feature description and triggered feature name inputs.
  - Boundary markers: The instructions enclose arguments in double quotes (e.g., `"FEATURE_NAME"`) to prevent simple word splitting.
  - Capability inventory: The skill is allowed to use `Bash`, `Write`, `Read`, `Grep`, and `Edit` tools.
  - Sanitization: There is no explicit instruction to sanitize or escape shell metacharacters (such as backticks or subshells) from the user input before execution.
Audit Metadata