auto-claude-spec
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (checks: PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE)
Full Analysis
- Prompt Injection (LOW): The skill establishes a workflow for ingesting external data, which creates a surface for Indirect Prompt Injection (Category 8).
  - Ingestion points: User-provided task descriptions via the --task flag, interactive discovery phases, and the analysis of existing source code files during the Context Phase.
  - Boundary markers: Absent; the documentation provides no evidence of delimiters or instructions for the agent to distinguish between its own logic and untrusted external data.
  - Capability inventory: The skill executes local Python scripts that perform file system modifications, including directory deletion (rm -rf), directory creation (mkdir), and file writes (cat >).
  - Sanitization: Absent; no sanitization or validation protocols are mentioned for the incoming requirements or discovered code context.
- Command Execution (SAFE): The skill documents the use of CLI tools (spec_runner.py, run.py, validate_spec.py) for managing the specification lifecycle. These operations are restricted to the local environment and align with the skill's stated purpose.
- No Code (SAFE): The skill consists exclusively of instructions in SKILL.md and does not provide the source code for the referenced Python scripts. While typical for documentation, the internal logic of these scripts cannot be verified through this file alone.
Audit Metadata