cspec-discover
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external documents to extract product requirements. Ingestion points: Reads provided file paths or pasted content in the Document-Driven Process (SKILL.md). Boundary markers: No explicit instructions or delimiters are used to isolate ingested content from agent instructions. Capability inventory: Writes output to the local file system at .cspec/manifest.md (SKILL.md). Sanitization: No explicit validation or filtering of document content is mentioned.
Audit Metadata