fp-update-spec
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes 'git log' to analyze the repository's history and calls an external tool 'review-spec' for document validation during Phase 4.- [PROMPT_INJECTION]: User-provided '$ARGUMENTS' are interpolated directly into the skill's instruction set, which could be used to override the agent's logic or bypass intended constraints.- [PROMPT_INJECTION]: Vulnerability surface for indirect prompt injection. 1. Ingestion points: Reads local source code files and 'git log' output in Phase 1. 2. Boundary markers: No explicit delimiters or instructions are used to separate untrusted repository data from the agent's instructions. 3. Capability inventory: The skill has the ability to read system files and overwrite the 'E2E_TESTS.md' file. 4. Sanitization: No sanitization or filtering is applied to the analyzed git logs or source code to prevent embedded instructions from influencing behavior.
Audit Metadata