spec-add

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute local commands, specifically ccw spec init and ccw spec rebuild. These are used to initialize and update the specification index within the environment.
  • [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface.
    • Ingestion points: User-provided rule text via CLI arguments or interactive prompts.
    • Boundary markers: The skill does not implement delimiters or 'ignore' instructions when writing the rules to markdown files.
    • Capability inventory: Uses Write, Edit, and Bash to persist the data.
    • Sanitization: There is no sanitization or escaping of the user-provided text before it is appended to guideline files (coding-conventions.md, architecture-constraints.md). Malicious instructions saved as 'conventions' could be obeyed by the agent in subsequent sessions.
  • [DATA_EXPOSURE]: The skill accesses the user's home directory (~/.ccw/personal/) to store and retrieve global personal specifications. While this is the intended functionality for cross-project preferences, it involves broad file system access beyond the project root.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 8, 2026, 04:09 PM