spec-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted technical specifications that could contain instructions to manipulate the review outcome.\n
- Ingestion points: Specification content is ingested from user messages, local file paths, or conversation history (
SKILL.md, Step 1). Additional data is retrieved from Jira tickets using thebriannaskill (SKILL.md, Step 2).\n - Boundary markers: The instructions do not define clear delimiters or "ignore" instructions for the ingested specification content, potentially allowing embedded commands to influence the agent's behavior.\n
- Capability inventory: The skill utilizes the
briannaskill for data retrieval and references local architectural guides. It does not possess direct command execution or network exfiltration capabilities.\n - Sanitization: The skill mitigates the impact of potential injections by explicitly forbidding the generation of code snippets and requiring a highly structured output format (APPROVED or NEEDS WORK).
Audit Metadata