spec-generator

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Multiple phase files, including phases/01-discovery.md and phases/01-5-requirement-clarification.md, direct the agent to execute Bash commands by interpolating unsanitized user input (such as seedInput and lastUserResponse) directly into the command string for an external CLI tool. This pattern is vulnerable to shell injection if the input contains metacharacters such as double quotes or semicolons.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the local codebase and from user responses to build prompts for LLM calls throughout its 6-phase pipeline.
    - Ingestion points: project files and interactive user feedback.
    - Boundary markers: weak textual labels in prompts.
    - Capability inventory: access to powerful tools such as Bash, Write, and Skill.
    - Sanitization: no validation or escaping of external content is performed before interpolation.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 7, 2026, 12:08 AM