spec-step
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted data from external specification files into its execution context.
- Ingestion points: The agent reads the full content of a user-referenced specification file, including summary, constraints, and implementation plans (SKILL.md).
- Boundary markers: There are no defined delimiters or instructions to treat the specification content as data rather than instructions.
- Capability inventory: The skill has the capability to modify the local codebase (file-write), update the specification file, and execute test suites (subprocess execution) as part of the implementation and verification process.
- Sanitization: The instructions do not include steps to validate, sanitize, or escape the content retrieved from the specification file before processing.
Audit Metadata