create-technical-design
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows secure patterns for project documentation by restricting file operations to the .specs/ directory and does not access sensitive system paths or credentials.
- [PROMPT_INJECTION]: The skill ingests data from external files to help generate the technical design, which creates an indirect prompt injection surface. 1. Ingestion points: .specs/[feature-slug]/RESEARCH.md and .specs/[feature-slug]/PRODUCT-REQUIREMENTS.md as defined in SKILL.md. 2. Boundary markers: No explicit delimiters or warnings are used when processing the content of these files to separate external data from instructions. 3. Capability inventory: The skill can write files to the .specs/ directory and interact with the user via questions. 4. Sanitization: No sanitization or validation of the ingested file content is performed. Note: This behavior is required for the skill's primary function and is considered low risk in this context.
Audit Metadata