skills/flora131/atomic/create-spec/Gen Agent Trust Hub

create-spec

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the way it processes external research files.
      • Ingestion points: Data is read from the research/ directory or a location specified by the user in $ARGUMENTS (referenced in SKILL.md).
      • Boundary markers: Absent. There are no delimiters or instructions to prevent the agent from obeying commands or instructions embedded within the research documents.
      • Capability inventory: The skill can write files to the specs/ directory and use the AskUserQuestion tool to prompt the user (as defined in SKILL.md).
      • Sanitization: Absent. The skill does not validate or sanitize the content of the research documents before incorporating them into the final specification.
  • [COMMAND_EXECUTION]: The skill utilizes dynamic context injection to execute a local shell command at load time.
      • Evidence: !`git config user.name` in SKILL.md used to populate the author field in document templates.
      • Context: This command retrieves the local git user configuration for document personalization, which is a common and benign developer workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 10:01 PM