specification-driven-generation
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user-provided specifications, which represents a surface for indirect prompt injection. This behavior is necessary for its function as a code generator. 1. Ingestion points: Natural language descriptions and API specifications (SKILL.md). 2. Boundary markers: Not present. 3. Capability inventory: Generates source code and suggests running unit tests via shell commands. 4. Sanitization: Not present.
- [COMMAND_EXECUTION]: The skill instructions include the execution of standard testing commands to verify implementation quality. Evidence: Suggested use of
pytestandmvn testin the verification section.
Audit Metadata