spec
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were detected. The skill behaves as a standard documentation generator.- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it analyzes external repository content to generate specifications.
- Ingestion points: Read operations on
README.md,package.json,FORMAT.md, and project source code during theDISTILLandBACKPROProutines. - Boundary markers: Absent; the skill does not explicitly instruct the agent to ignore instructions embedded in the analyzed code.
- Capability inventory: File-write access is limited to the
SPEC.mdfile. - Sanitization: Absent; content is extracted directly from source files.
- Risk Mitigation: The threat is minimal because the skill only writes to a documentation file and mandates human-in-the-loop approval with a diff display before any changes are committed.- [NO_CODE]: The skill consists entirely of natural language instructions and logic for the AI agent; it does not include or execute any companion scripts or binaries.
Audit Metadata