update-spec
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the shell command `cat` to read existing specification files.
  - Evidence: The command `cat .trellis/spec/<category>/<file>.md` is used in Step 3.
  - Potential Risk: The use of variables for file paths creates a risk of directory traversal if the agent resolution logic is manipulated to access files outside the intended directory.
- [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection by reading and subsequently writing to local documentation files.
  - Ingestion points: The agent reads existing markdown files in the `.trellis/spec/` directory via the `cat` command.
  - Boundary markers: No specific delimiters or instructions to disregard embedded commands are provided for the reading phase.
  - Capability inventory: The agent has the capability to write and edit markdown files in the local repository.
  - Sanitization: The skill does not define any validation or sanitization protocols for the content being read before it is processed or written back to the files.
Audit Metadata