project-specification
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted user-provided 'project briefs' to generate structured output.
- Ingestion points: Project briefs provided by the user are used as the primary input for transformation into specifications.
- Boundary markers: The skill does not define explicit delimiters or instructions to the LLM to ignore embedded commands within the input brief.
- Capability inventory: The skill has the capability to write to the local file system (
docs/specification.md) and automatically trigger subsequent skills (Skill(attune:project-planning)). - Sanitization: No evidence of sanitization or validation of the input content before processing or interpolation into prompts.
- [COMMAND_EXECUTION]: The skill documentation explicitly instructs the agent or user to perform local command execution for verification.
- Evidence: Several sections contain 'Verification' steps suggesting execution of commands with the
--helpflag or runningpytest -vto confirm success.
Audit Metadata