feature-plan
Warn
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to read from
~/.local/share/dotfiles/ai/guides/feature-development-process.md. Accessing hidden directories within the user's home folder is a sensitive operation as dotfiles often contain private configurations, SSH keys, and other credentials. - [PROMPT_INJECTION]: The skill processes multiple external technical files without adequate safeguards against indirect prompt injection.
- Ingestion points: Processes
vision.md,requirements.md, andspec.mdto generate implementation plans. - Boundary markers: Absent. The instructions do not specify delimiters or provide guidance to ignore instructions embedded in the input files.
- Capability inventory: Generates detailed implementation plans and code blocks. The instructions state
disable-model-invocation: true, which restricts the agent's ability to execute tools directly. - Sanitization: Absent. Data from external files is directly used to structure the implementation document.
Audit Metadata