specalign
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external specification and source code files which could contain malicious instructions.
  - Ingestion points: Workflow Step 1 and Step 2 involve reading various files like `*.spec.md`, `SPEC.md`, and source code files (e.g., `src/types.ts`) into the agent's context.
  - Boundary markers: The instructions lack boundary markers or explicit warnings for the agent to ignore any embedded instructions within the spec or code files.
  - Capability inventory: The skill has the capability to modify files (Apply Changes in Step 5) and execute local commands (lint, typecheck, and unit tests).
  - Sanitization: There is no evidence of sanitization or filtering of the content read from external files before it is processed or used to suggest changes.
- [COMMAND_EXECUTION]: The skill includes instructions to execute system commands as part of its automated workflow.
  - Evidence: In Step 5, the agent is directed to 'run lint/typecheck after changes' and 'run unit tests'. This behavior grants the agent the ability to execute arbitrary local tools, which could be exploited if an attacker influences the code or environment being tested.
Audit Metadata