cspec-review
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill analyzes external markdown files, which presents a surface for indirect prompt injection (Category 8).
- Ingestion points: Reads local files from the
.cspec/directory, includingfoundation.md,manifest.md, and various slice specification files. - Boundary markers: Absent. The skill does not instruct the agent to treat the content of these files as data rather than instructions, nor does it use specific delimiters.
- Capability inventory: The skill is restricted to file system read and write operations within the project scope (writing to
.cspec/review-report.md). No network access, command line execution, or dynamic code evaluation capabilities were detected. - Sanitization: No explicit sanitization or validation of the file content is performed prior to processing.
- [NO_CODE]: The skill consists entirely of natural language instructions and YAML metadata. It does not contain any executable scripts, binaries, or automated build steps.
Audit Metadata