spec-management

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes utility scripts (specgraph.sh, specwatch.sh) that automate filesystem operations and interaction with the git repository. These scripts follow secure practices, such as quoting variables to prevent word splitting and using restrictive regular expressions to validate artifact identifiers.
  • [PROMPT_INJECTION]: The skill's architecture creates an indirect prompt injection surface as it is designed to ingest and process documentation artifacts that may contain untrusted content.
    • Ingestion points: Documentation files across the docs/ directory are read by the agent and processed by utility scripts.
    • Boundary markers: Metadata is segregated within structured YAML frontmatter blocks.
    • Capability inventory: The skill can execute local scripts, modify the repository state, and delegate complex auditing tasks to sub-agents.
    • Sanitization: While the scripts parse for specific artifact IDs, no content-specific sanitization is applied to the natural language bodies of the documentation files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 10:37 PM