Skills
skills/notque/claude-code-toolkit/feature-plan/Gen Agent Trust Hub

feature-plan

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external design documents from the .feature/state/design/ directory. These documents influence the generation of implementation plans that include executable verification commands. \n
  • Ingestion points: Design artifacts are read from .feature/state/design/*-FEATURE.md. \n
  • Boundary markers: No delimiters or instructions are used to separate untrusted document content from the planning instructions. \n
  • Capability inventory: The skill uses the Bash tool and references scripts for state management and database interaction. \n
  • Sanitization: The skill does not validate or sanitize content extracted from design documents before generating tasks. \n- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute local Python scripts (feature-state.py and learning-db.py) located in the ~/.claude/scripts/ directory to manage feature state transitions and persist learnings.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 05:28 PM
Security Audit — agent-trust-hub — feature-plan