specs-setup
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the user to fetch additional components from the author's official package repository (b12consulting/skills) via npx.
- [COMMAND_EXECUTION]: Provides a manual command for the user to install missing dependencies using npx, which is a standard procedure for this modular skill set.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and analyze existing project code and documentation to generate new specification files.
- Ingestion points: Processes existing project source code and README.md files in the current directory (SKILL.md, Step 3 and Step 6).
- Boundary markers: Absent; the skill does not explicitly define delimiters or instruction-bypass warnings for the ingested project content.
- Capability inventory: Includes file system write operations (creating .md files in the specs/ folder) and directory creation.
- Sanitization: The skill relies on presenting drafted content to the user for review and explicit confirmation before finalization.
Audit Metadata