spec-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes technical specifications provided by external sources which could contain malicious instructions designed to hijack the agent's logic.
  - Ingestion points: Technical specifications are retrieved from user messages, file paths, or conversation history as described in Step 1 of the SKILL.md file.
  - Boundary markers: Absent. The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when processing the spec content.
  - Capability inventory: The skill uses the 'Read' tool to access local files and invokes the 'brianna' skill to fetch external Jira ticket data.
  - Sanitization: Absent. There is no evidence of input validation or sanitization applied to the specification text before it is evaluated by the agent.
Audit Metadata