spec-save-design
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Finding category: PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to indirect prompt injection through its processing of external, untrusted conversation history.
- Ingestion points: Conversational history (user and assistant messages) following the /spec:brainstorm command.
- Boundary markers: Absent. The instructions do not define delimiters for the ingested content or instruct the agent to treat it strictly as data.
- Capability inventory: The skill possesses the capability to create directories and write files to the local file system using the write tool.
- Sanitization: Absent. The skill generates a filename slug and file content based on untrusted input without sanitization or validation. A malicious actor could inject instructions into the brainstorming session to attempt path traversal (e.g., via a crafted slug) or to write malicious content to the file system.
Recommendations
- AI detected serious security threats
Audit Metadata