spec
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is designed to perform research by searching the web and cloning external repositories using Git. This behavior is documented in the research and technical design playbooks as a means to gather evidence and prior art. Findings from these sources are stored in local evidence files.\n- [COMMAND_EXECUTION]: The skill performs various command-line operations, including file system management (creating and updating SPEC.md, evidence files, and changelogs) and Git operations. For example, it uses
git pullduring the technical accuracy verification step to ensure findings are based on the latest codebase state. These commands are executed within the context of the skill's intended workflow.\n- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection because it ingests untrusted data from external sources like websites, GitHub issues, and open-source code during its research phase.\n - Ingestion points: Research-playbook methodology involves web searches and cloning of third-party repositories.\n
- Boundary markers: The skill does not explicitly define markers to delimit external content from internal instructions during processing.\n
- Capability inventory: The agent has capabilities to write files, perform web searches, and execute Git commands.\n
- Sanitization: There are no documented sanitization or filtering steps for content retrieved from external research targets.
Audit Metadata