spec-explore
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of ingesting and summarizing untrusted data from external sources.\n
- Ingestion points: The skill reads local project codebases using Grep, Read, and Glob (Step 3) and explores external codebases and technical documentation (Step 4).\n
- Boundary markers: There are no instructions or delimiters defined to isolate the ingested content or to instruct the agent to ignore embedded instructions within those files.\n
- Capability inventory: The agent can read the file system, update its internal knowledge base via
exp-reflect, and send messages to other agent roles (spec-writer,spec-tester) usingSendMessage.\n - Sanitization: No sanitization, filtering, or validation steps are performed on the content retrieved from external files before it is used to generate the
exploration-report.md.\n- [COMMAND_EXECUTION]: The skill invokes a shell command/exp-searchwith keywords (Step 2) to retrieve historical experience, which is a common pattern for integrated search tools but represents a command execution capability.
Audit Metadata