peach-gen-spec
Warn
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: MEDIUM
Tags: CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill is instructed to read the `api/src/environments/env.local.yml` file to extract the `DATABASE_URL`. This file typically contains sensitive connection strings, passwords, or access tokens.
- [COMMAND_EXECUTION]: Executes the shell commands `whoami` and `git config user.name` to retrieve the current user's identity for the purpose of generating standardized file paths for the output specifications.
- [DATA_EXPOSURE]: The skill ingests content from a wide range of files (Vue components, TypeScript stores, mock data, and DDL schemas) across user-specified paths. This capability allows the agent to access and process sensitive project source code.
- [PROMPT_INJECTION]: The workflow involves reading and analyzing untrusted external data (UI prototypes and feature documentation) without explicit boundary markers or instructions to ignore embedded commands. This creates a surface for indirect prompt injection where malicious instructions hidden in the source material could influence the agent's behavior.
- Ingestion points: reads from `_task-meta.ts`, `.vue`, `.mock.ts`, `.store.ts`, and `.ts` files within a user-provided prototype path, as well as feature documentation folders.
- Boundary markers: Absent. The skill does not implement delimiters or warnings to ignore instructions within the read content.
- Capability inventory: Performs file reads, executes local shell commands (`whoami`, `git`), and writes markdown files to the local filesystem.
- Sanitization: No sanitization or validation of the input file content is mentioned before processing or inclusion in the final specification.
Audit Metadata