skills/catlog22/maestro-flow/spec-map/Gen Agent Trust Hub

spec-map

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains instructions that attempt to override standard agent caution and user oversight.
      • Evidence: The 'Auto Mode' section and the flag --yes instruct the agent to 'Skip all confirmations' and 'skip validation'. Additionally, the 'Core Rules' explicitly state 'DO NOT STOP: Execute until all mappers complete or fail', which may cause the agent to ignore safety signals or errors encountered during execution.
  • [PROMPT_INJECTION]: Vulnerability to indirect prompt injection through analysis of untrusted codebase data.
      • Ingestion points: Mapper tasks involve scanning file content using Read, Glob, and Grep tools on sensitive files like package.json and CI/CD configurations.
      • Boundary markers: The tasks.csv schema and mapper instructions lack clear delimiters or warnings to ignore instructions embedded within the analyzed code.
      • Capability inventory: Sub-agents spawned by the skill have access to powerful tools including Bash, Write, Edit, and spawn_agents_on_csv.
      • Sanitization: There is no evidence of sanitization or filtering of the codebase data before it is processed by the AI agents.
  • [COMMAND_EXECUTION]: Use of shell commands for session and directory management.
      • Evidence: The skill implementation uses the Bash tool to execute mkdir -p for session folders and output directories.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 17, 2026, 01:12 AM