bb-clarify
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is documentation management through a structured questioning loop. No malicious patterns, such as unauthorized network access, data exfiltration, or privilege escalation, were detected.
- [COMMAND_EXECUTION]: The skill provides explicit instructions for escaping single quotes in arguments (e.g., using
I'\''m Groot). This is a defensive coding practice intended to prevent command injection or parsing errors during the handling of user input. - [PROMPT_INJECTION]: The skill manages external data from feature specifications and user input, which represents an indirect prompt injection surface. Ingestion points: Reads content from
FEATURE_SPECand$ARGUMENTS. Boundary markers: Uses a specific taxonomy for scanning and a dedicated## Clarificationssection for updates to maintain structure. Capability inventory: Limited to file-read and atomic file-write operations on the local specification file. Sanitization: Includes guidelines for argument escaping to ensure user inputs are processed as data rather than commands.
Audit Metadata