feature-auto
Fail
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill uses 'CRITICAL OVERRIDE' markers to bypass human-in-the-loop (HITL) safety protocols. It explicitly commands the agent to 'NEVER ask the user for input, confirmation, or approval' and to 'override' the core safety principles of the 'feature-dev' tool.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data through the '$ARGUMENTS' parameter (SKILL.md) without boundary markers or sanitization. This data is used to drive a capability inventory that includes autonomous file reading, creation, modification, and deletion within the project repository.
- [COMMAND_EXECUTION]: The skill enables autonomous file system operations, including the modification and deletion of files, by removing user confirmation checkpoints from the 'feature-dev' workflow.
- [EXTERNAL_DOWNLOADS]: The skill installs the 'feature-dev' plugin from 'claude-plugins-official', which is an official and trusted source for the platform.
Recommendations
- AI detected serious security threats