Skills
skills/fellowship-dev/dogfooded-skills/spec-plan/Gen Agent Trust Hub

spec-plan

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted content from external sources.
  • Ingestion points: Processes data from GitHub issues (body and comments) via the gh issue view command, as well as local project files like README.md and project-instructions.md.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the ingested data as untrusted or to ignore embedded instructions within that data.
  • Capability inventory: The skill has access to several powerful tools including Bash (shell execution), Read, Grep, and Glob.
  • Sanitization: The skill does not implement any sanitization, escaping, or validation of the content retrieved from issues or the codebase before processing it.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 09:35 PM