NYC

specification-executor

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, NO_CODE
Full Analysis
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it reads external specification data and uses it to drive workspace actions.
      • Ingestion points: Specification content is retrieved using Notion:notion-fetch as described in SKILL.md and reference/spec-parsing.md.
      • Boundary markers: Absent. The instructions do not include delimiters or specific commands to the agent to ignore potentially malicious instructions embedded within the specifications.
      • Capability inventory: The skill possesses the ability to create and update content within the user's workspace using Notion:notion-create-pages and Notion:notion-update-page (referenced in SKILL.md).
      • Sanitization: Absent. There is no evidence of logic to sanitize or validate the extracted requirement text before it is used to generate tasks or plans.
  • NO_CODE (SAFE): No executable code files (Python, JavaScript, shell scripts) were detected in the skill package. The skill consists entirely of instructional Markdown and evaluation configuration files.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:59 PM