spec-critique

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The workflow involves executing basic shell commands like cat, head, and grep to access and inspect files within the .claude/context/ directory. These are used for context loading and final verification of the specification structure.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
      * Ingestion points: The agent reads the contents of specification files (.claude/context/specs/[task-name]-spec.md) and requirement documents (.claude/context/requirements/[task-name].md) as part of its Phase 1 workflow.
      * Boundary markers: There are no clear delimiters or instructions provided to the agent to treat the external file content as untrusted or to ignore any embedded directives.
      * Capability inventory: The skill has the ability to write and edit files on the filesystem (using Write and Edit tools), which could be manipulated by instructions found within a malicious specification file.
      * Sanitization: The skill does not implement any sanitization or validation mechanisms for the text read from external files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 02:59 AM