feature-doc-splitter-cn

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses rg (ripgrep) to search for existing code patterns (pages, routes, components) and git diff --check for final validation. These are legitimate uses of development tools for context gathering and verification.
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it processes untrusted requirement documents provided by users.
  • Ingestion points: Reads external 'initial requirement documents' and repository AGENTS.md files (SKILL.md, Step 2).
  • Boundary markers: Absent; there are no instructions to use delimiters or ignore potential commands embedded in the requirement files.
  • Capability inventory: The skill has the ability to read and write files, as well as execute shell commands (rg, git).
  • Sanitization: No explicit sanitization or filtering of input data is mentioned, though it includes a human-in-the-loop step where it asks the user for confirmation before creating Pencil placeholder files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 09:07 AM
Security Audit — agent-trust-hub — feature-doc-splitter-cn