spec-writing
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is an instructional resource for creating project specifications and does not contain executable code or perform sensitive operations.
- [PROMPT_INJECTION]: The skill establishes a specification format used to drive agent actions, representing an indirect prompt injection surface for data processed at runtime. Evidence:
  1. Ingestion points: .claude/sprint/[N]/specs.md.
  2. Boundary markers: Absent for specification content.
  3. Capability inventory: Code implementation and testing.
  4. Sanitization: Absent.
- [SAFE]: External references to technologies such as PostgreSQL and Socket.io are provided as illustrative examples within documentation and do not constitute external downloads.
Audit Metadata