writing-specs-designs
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [Overall Security] (SAFE): The skill consists entirely of instructional markdown and templates for product documentation. It does not include any scripts, external dependencies, or network-enabled operations.
- [Prompt Injection] (SAFE): No patterns were found that attempt to override system instructions or bypass safety filters.
- [Data Exposure & Exfiltration] (SAFE): No credentials, sensitive file paths, or outbound network calls are present. The skill only processes user-provided context to generate text-based deliverables.
- [Unverifiable Dependencies] (SAFE): No external packages (npm, pip, etc.) are referenced or installed.
- [Indirect Prompt Injection] (LOW): While the skill ingests user input to generate documentation, it lacks capabilities to execute that data (e.g., no subprocess calls or eval). The risk of indirect injection is negligible as the output is restricted to Markdown and Mermaid diagrams.
Audit Metadata