spec-to-code-compliance
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The command 'trailofbits:spec-compliance' enables the 'Bash' tool. This allows the AI agent to execute arbitrary shell commands. While necessary for executing blockchain audit tools (e.g., Slither or compilers), this capability is high-risk if abused. The severity is reduced from HIGH to MEDIUM as it is tied to the skill's primary purpose.
- [EXTERNAL_DOWNLOADS] (LOW): The 'WebFetch' tool is enabled to retrieve specification documents from URLs. This is a core functionality for fetching whitepapers but introduces interactions with untrusted remote servers.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection due to its ingestion of untrusted external data.
- Ingestion points: The '' and '' arguments in 'commands/spec-compliance.md'.
- Boundary markers: Absent; no delimiters are defined to separate untrusted content from the agent's instructions.
- Capability inventory: Access to 'Bash', 'WebFetch', 'Read', 'Write', 'Grep', and 'Glob' tools.
- Sanitization: Absent; no input validation or escaping mechanisms are described for the analyzed content.
- [REMOTE_CODE_EXECUTION] (LOW): The combination of 'WebFetch' and 'Bash' tools creates a surface for remote code execution if a malicious specification document contains instructions that the agent follows to download and execute arbitrary scripts.
Audit Metadata