spec-gathering
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill employs standard shell commands (
cat,test,grep,head,wc) to read local project context files and verify the structure of generated specifications. These operations are confined to the local project environment and used for legitimate validation steps. - [DATA_EXFILTRATION]: No network activity, external URL references, or attempts to access sensitive system files (e.g., SSH keys, credentials) were found. The skill only accesses project-specific context within the
.claude/context/directory. - [PROMPT_INJECTION]: The skill instructions focus on workflow grounding and user interaction logic. No patterns intended to bypass AI safety filters, ignore system instructions, or extract system prompts were identified.
- [REMOTE_CODE_EXECUTION]: There are no external dependencies, remote script downloads, or dynamic execution of untrusted code. All script files (
main.cjs, hooks) are local and perform routine, non-sensitive initialization and metric recording.
Audit Metadata