ac-spec-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted specification data to generate feature lists, which are then saved to disk, providing a vector for malicious instructions to influence the agent.
  - Ingestion points: The 'spec' input variable in the SpecGenerator.generate() function.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the documentation.
  - Capability inventory: File system write access through the save_feature_list() method in the project directory.
  - Sanitization: No input validation or escaping mechanisms are described for the specification data before processing.