feature-plan

Warn

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructs the agent to read from ~/.local/share/dotfiles/ai/guides/feature-development-process.md. Accessing hidden directories within the user's home folder is a sensitive operation as dotfiles often contain private configurations, SSH keys, and other credentials.
  • [PROMPT_INJECTION]: The skill processes multiple external technical files without adequate safeguards against indirect prompt injection.
  • Ingestion points: Processes vision.md, requirements.md, and spec.md to generate implementation plans.
  • Boundary markers: Absent. The instructions do not specify delimiters or provide guidance to ignore instructions embedded in the input files.
  • Capability inventory: Generates detailed implementation plans and code blocks. The instructions state disable-model-invocation: true, which restricts the agent's ability to execute tools directly.
  • Sanitization: Absent. Data from external files is directly used to structure the implementation document.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 14, 2026, 01:43 PM
Security Audit — agent-trust-hub — feature-plan