spec-clarifier
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is susceptible to indirect prompt injection by processing untrusted external input that could contain malicious instructions.
- Ingestion points: The skill ingests data from chat or local file paths as specified in SKILL.md (Workflow Step 1).
- Boundary markers: There are no delimiters or explicit instructions to treat input as data rather than instructions, allowing embedded commands to bypass logic.
- Capability inventory: The skill uses a 'read tool' and has instructions to 'write the output to a Markdown file' (SKILL.md, Workflow Step 8), which could be exploited to overwrite or create malicious files.
- Sanitization: No sanitization or validation logic is defined to prevent the execution of instructions embedded in the project notes.
Recommendations
- AI detected serious security threats
Audit Metadata