spec
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The file 'references/behavior-examples.md' contains the phrase 'Ignore previous instructions'. This is part of an educational section illustrating how developers should define 'Good' vs 'Bad' behavior for their own AI features. It is not an instruction directed at the agent executing this skill and thus represents a false positive.
- [DATA_EXFILTRATION]: The skill integrates with Linear via the Model Context Protocol (MCP) to fetch and create issue data. These operations are restricted to the skill's intended purpose of project management and do not involve unauthorized data access or exfiltration.
- [COMMAND_EXECUTION]: The skill documentation describes command-line shortcuts like '/spec --quick'. These are internal prompt-routing mechanisms for the LLM and are not executed as system shell commands, posing no risk to the host environment.
Audit Metadata