feature-doc-splitter-cn
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
rg(ripgrep) to search for existing code patterns (pages, routes, components) andgit diff --checkfor final validation. These are legitimate uses of development tools for context gathering and verification. - [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it processes untrusted requirement documents provided by users.
- Ingestion points: Reads external 'initial requirement documents' and repository
AGENTS.mdfiles (SKILL.md, Step 2). - Boundary markers: Absent; there are no instructions to use delimiters or ignore potential commands embedded in the requirement files.
- Capability inventory: The skill has the ability to read and write files, as well as execute shell commands (
rg,git). - Sanitization: No explicit sanitization or filtering of input data is mentioned, though it includes a human-in-the-loop step where it asks the user for confirmation before creating Pencil placeholder files.
Audit Metadata