EARS Notation

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It is designed to process and validate requirements from external files (e.g., .specs//requirements.md), which are untrusted data sources that could contain malicious instructions masquerading as requirements.
    • Ingestion points: Requirements are read from markdown files in the .specs/ directory.
    • Boundary markers: The skill lacks explicit delimiters or instructions to the agent to ignore any command-like text within the requirement descriptions.
    • Capability inventory: The skill documentation suggests the use of a Node.js script for validation and instructs the agent to enforce specific linguistic patterns.
    • Sanitization: No input validation or sanitization of the requirement text is implemented or described.
  • [COMMAND_EXECUTION]: The skill documentation includes instructions to execute a local Node.js script (scripts/ears-validator.js) to validate requirements. While this script appears to be a vendor resource from ibutters, executing local scripts on files that may contain user-controlled content presents a potential attack surface if the script logic is not properly hardened against malicious inputs.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 12:06 AM