analysis-phase

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill analyzes untrusted documentation files (specs, plans, tasks) which could contain embedded instructions intended to influence the agent's findings or the content of the generated report.
  • Ingestion points: The skill reads spec.md, plan.md, and tasks.md using the Read and Bash (grep) tools.
  • Boundary markers: Missing. There are no explicit delimiters or instructions for the agent to ignore potentially malicious directions embedded within the analyzed documents.
  • Capability inventory: The skill uses the Bash, Read, and Edit tools to process inputs and write an analysis-report.md, creating a path for manipulated data to affect the project state.
  • Sanitization: The skill does not perform any sanitization or validation of the content within the analyzed files before processing it.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:50 PM