spec-driven-cancel

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Node.js scripts using the node command. The scripts file contains a relative path (../../dist/scripts) pointing to a directory outside the skill's own folder, which indicates it relies on code from an external location relative to the skill root.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes data from the filesystem.
      • Ingestion points: In SKILL.md, the agent is instructed to run a command to list active changes from the .spec-driven/changes/ directory.
      • Boundary markers: There are no boundary markers or instructions to ignore embedded commands when processing or displaying the contents of these directories.
      • Capability inventory: The skill possesses the capability to execute shell commands (node) and delete directories based on the ingested data.
      • Sanitization: No sanitization or validation of the change names (sourced from the filesystem) is specified before they are passed as arguments to the execution command in SKILL.md.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 25, 2026, 07:34 AM