ac-spec-parser
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- General Security (SAFE): The skill's documentation describes legitimate data processing activities. No evidence of prompt injection, data exfiltration, or obfuscation was detected.
- Indirect Prompt Injection (LOW): The skill possesses an attack surface for indirect prompt injection because it parses external specification files that could contain malicious instructions.
- Ingestion points: Files like
spec.yaml,spec.json, and.mdare read from the project directory. - Boundary markers: No specific boundary markers or 'ignore instructions' warnings are mentioned to prevent the agent from following instructions embedded in the specs.
- Capability inventory: Parsed data is passed to downstream skills (
ac-spec-generator,ac-feature-analyzer) which may interpret the content using LLMs. - Sanitization: The documentation does not describe sanitization or validation of the data to filter out potential instructions.
Audit Metadata