spec-driven-brainstorm
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses localized project context to assist in planning and documentation. All identified behaviors align with its stated purpose as a development aid.- [COMMAND_EXECUTION]: The skill executes a Node.js script located via a relative path. This script is part of the skill's infrastructure and is used for scaffolding and verifying proposal artifacts.- [PROMPT_INJECTION]: The skill ingests untrusted project files which constitutes an indirect prompt injection surface.
- Ingestion points: .spec-driven/config.yaml and specification files are read at runtime.
- Boundary markers: Absent; the instructions do not define clear delimiters for external content.
- Capability inventory: Executes local Node.js scripts and writes markdown documentation artifacts to the filesystem.
- Sanitization: Absent; the agent is instructed to use the content of existing specification files directly to inform the proposal content.
Audit Metadata