superspec-brainstorm
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted user content. 1. Ingestion: SKILL.md process step A1 requests JSON or text from the user. 2. Boundary markers: Absent. 3. Capability inventory: Non-negotiable rules forbid the agent from running
openspec, using commands to fetch context, or writing and modifying files. 4. Sanitization: Absent. The strict limitation on execution and write capabilities effectively neutralizes the injection surface. - [Command Execution] (SAFE): No malicious command patterns are present; the skill proactively prohibits the use of shell commands and external tools.
Audit Metadata