feature-specification

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface. It reads external content from GitLab issues and local markdown files (BC_SPEC.md, AGGREGATE_*.md) and interpolates this potentially untrusted data directly into a prompt template (feature-spec-issue-template.md).
      • Ingestion points: Reads GitLab issue content via mcp__gitlab__get_issue and local domain documentation via file read operations.
      • Boundary markers: None observed. The content is directly mapped to placeholders like {{feature_summary}} and {{story_title}} without delimiters or instructions to ignore embedded commands.
      • Capability inventory: The skill has the capability to write to the external GitLab environment using mcp__gitlab__create_issue and mcp__gitlab__create_issue_link.
      • Sanitization: No explicit sanitization or validation of the input data is mentioned before it is used to generate the new GitLab issue.
  • [COMMAND_EXECUTION]: The skill uses local shell-like commands to read project files. However, these operations are restricted to specific project paths (docs/contexts/) and appear to be part of the intended workflow without exposure to arbitrary user-supplied arguments beyond a context slug.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 21, 2026, 11:53 PM