spec
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill has an ingestion surface for untrusted user input, which is used to construct project specifications.
  - Ingestion points: User responses via AskUserQuestion and file content via Read/Grep tools in SKILL.md.
  - Boundary markers: Absent. Instructions do not mandate the use of delimiters or 'ignore' instructions for user-provided data.
  - Capability inventory: Write and Edit for file creation (Spec.md) and TodoWrite for task registration.
  - Sanitization: Absent. Input is directly interpolated into the output documentation.
  - Risk Assessment: The risk is limited to influencing the reasoning and planning of downstream agents (e.g., a Coding Agent) through the generated Spec.md, as this skill itself cannot execute commands or access the network.
Audit Metadata