spec-design
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes a legitimate workflow for project management and technical design.
- [COMMAND_EXECUTION]: Uses the GitHub CLI (gh) to create issues and the open command for file review, which are appropriate for the skill's purpose.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8) because it reads back specification files after potential user modification.
- Ingestion points: File reading of .context/specs/.md during the review phase.
- Boundary markers: None present to distinguish file content from instructions.
- Capability inventory: gh issue create, open, and file write operations.
- Sanitization: No content validation or sanitization is applied to the specification text before processing.
Audit Metadata