Skills
skills/go-sphere/skills/spec-diff-pipeline/Gen Agent Trust Hub

spec-diff-pipeline

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes potentially untrusted specification files and git diff outputs, creating a surface for indirect prompt injection attacks.
  • Ingestion points: Technical specification files (spec_path) and version comparison files (version_a_path, version_b_path).
  • Boundary markers: The skill relies on structured output templates but does not provide explicit boundary markers or instructions to ignore embedded commands within the analyzed documents.
  • Capability inventory: File system access (reading repo files, writing artifacts to design/changes/) and execution of git tools.
  • Sanitization: No content sanitization or validation is performed on the input files.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute the git diff command to compute changes between specification versions.
  • [NO_CODE]: The skill contains no executable scripts or source code; all logic is provided as natural language instructions in markdown files.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 09:50 PM