tpm-spec-verify
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
NO_CODE
Full Analysis
- No Executable Code (SAFE): The skill consists entirely of Markdown instructions and does not contain scripts, binaries, or command-line operations.
- Indirect Prompt Injection (INFO): The skill is designed to process external documents (Phase PRDs). While it lacks capabilities such as network access, file-system modification, or code execution, it is susceptible to indirect prompt injection where instructions embedded in a PRD could influence the agent's behavior.
  1. Ingestion points: Phase PRD input (SKILL.md).
  2. Boundary markers: Absent.
  3. Capability inventory: None (text generation only).
  4. Sanitization: Absent.
Audit Metadata