spec-miner

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute file discovery and search operations via Glob and Grep commands as outlined in references/analysis-process.md.
  • [DATA_EXPOSURE]: The analysis workflow is configured to explicitly search for and access sensitive file paths, including .env files and directories related to authentication and secrets, which may contain hardcoded credentials or environment configuration.
  • [PROMPT_INJECTION]: The skill possesses a significant attack surface for Indirect Prompt Injection.
    • Ingestion points: The skill ingests untrusted content from the codebase being analyzed using Read, Grep, and Glob tools.
    • Boundary markers: There are no explicit boundary markers or instructions to the agent to ignore potentially malicious instructions embedded within the source code or comments of the files being read.
    • Capability inventory: The agent has extensive capabilities including Bash command execution and file system access.
    • Sanitization: No sanitization or validation logic is applied to the data retrieved from the files before it is processed by the agent's logic.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 7, 2026, 11:42 AM