spec-writer
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses local markdown references and standard tool invocations for document generation. The workflows involving the creation of a workspace directory for project files are typical for productivity tools and follow legitimate patterns.
- [PROMPT_INJECTION]: The skill processes external data such as government grant announcements and business plans, creating a surface for potential indirect prompt injection. This is an inherent part of the document-processing use case.
- Ingestion points: External announcement documents and user-provided draft materials.
- Boundary markers: Absent.
- Capability inventory: File system writing to a workspace directory and reasoning tool usage.
- Sanitization: Not explicitly defined; relies on standard AI processing.
Audit Metadata