spec-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- SAFE (SAFE): The skill consists entirely of static Markdown files. No executable code, shell commands, or network operations were detected.
- NO_CODE (SAFE): No source code files (Python, JavaScript, etc.) are included with the skill. Markdown files contain illustrative code snippets for documentation and output purposes only, posing no execution risk.
- Indirect Prompt Injection (SAFE): The skill defines a surface for ingesting untrusted user input via discovery questions in
references/QUESTION-BANK.md. However, because the skill lacks actionable capabilities such as file system access, network requests, or code execution (eval/exec), this surface does not present a valid vulnerability. - Capability Review (SAFE): The inventory of capabilities across all files is limited to text interpolation and markdown rendering. No dangerous subprocess calls or sensitive file reads were identified.
Audit Metadata