specify

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill operates within its intended scope of creating technical specifications and formal models.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface as it processes untrusted external data from the local repository.
  • Ingestion points: Reads files from the docs/requirements/ directory and existing Architecture Decision Records (ADRs) to gather context.
  • Boundary markers: No specific delimiters or markers are defined to isolate ingested file content from the agent's core instructions.
  • Capability inventory: The skill uses Read, Write, Glob, Grep, Skill, and Task tools, enabling it to search the filesystem and execute complex orchestrated tasks based on its findings.
  • Sanitization: There is no evidence of sanitization or structural validation for the data ingested from the requirements documents before it is used to generate specifications.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 18, 2026, 09:18 AM