spec-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Category: PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to the handling of external spec files.
- Ingestion points: SKILL.md workflow step 1 reads a file from a user-provided path and passes its content to five sub-agents.
- Boundary markers: Absent. The spec content is interpolated directly into the sub-agent prompts without delimiters or instructions to ignore embedded directives.
- Capability inventory: Sub-agents are explicitly authorized to 'Search the codebase thoroughly' and return 'code snippets' and 'file paths' as evidence.
- Sanitization: Absent. No filtering or validation is performed on the spec content. A malicious spec file could contain hidden instructions that override the agent's review task to instead search for and reveal sensitive files (e.g., secrets, configuration) in the final report.
Audit Metadata