spec-gathering
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted user requirements and interpolates them into specification files without boundary markers or sanitization, creating an indirect prompt injection surface.
  - Ingestion points: User input in Phase 2 and 5 of SKILL.md.
  - Boundary markers: Absent.
  - Capability inventory: Write, Edit, and Bash tools.
  - Sanitization: Absent.
- [COMMAND_EXECUTION]: The verification instructions in SKILL.md Phase 8 use shell commands with placeholders like [feature-name]. If these are populated with unsanitized user input (e.g., containing shell metacharacters), it could lead to command injection when the agent executes the verification checks.