feature-spec-author
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a structured workflow for generating software documentation including requirements, designs, and task lists.
- [SAFE]: Data ingestion is limited to local project documentation files (e.g., product.md, tech.md, epic-map.md), which are within the intended operational scope of the software development workflow.
- [SAFE]: External communication is restricted to publishing content to Confluence via the Atlassian Model Context Protocol (MCP), which is a legitimate and well-known service integration.
- [SAFE]: The workflow incorporates human oversight through three mandatory approval gates (Gates 1a, 1b, and 1c) before any documentation is finalized or published to external systems.
- [SAFE]: No obfuscation, prompt injection, hardcoded credentials, or suspicious remote code execution patterns were detected in the provided files.
Audit Metadata