spec-setup
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill provides structured instructions to a subagent to perform technical analysis. There are no attempts to bypass safety filters or override agent constraints.
- [DATA_EXFILTRATION]: The skill reads project-level configuration files and source code structure. It utilizes the Gemini CLI for semantic analysis, which is a well-known service. No sensitive credentials or private data are sent to unauthorized external domains.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to interact with the local 'ccw' CLI, manage project files in .workflow/ and .ccw/, and gather project metadata via git. These actions are strictly aligned with the skill's purpose of project initialization.
- [REMOTE_CODE_EXECUTION]: No remote script downloads or executions from untrusted sources were found. The skill relies on local environment tools.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: The subagent reads project manifest files (e.g., package.json, requirements.txt, go.mod) to determine the tech stack.
  - Boundary markers: Structural markers are used to separate task assignments from analysis data.
  - Capability inventory: The skill possesses file system access (Read, Write) and command execution (Bash, spawn_agent).
  - Sanitization: The results of the technical analysis are reviewed and confirmed by the user through a multi-round interactive questionnaire (ASK_USER), providing a human-in-the-loop verification step.
Audit Metadata