spec-flow-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or network operations were detected.
- [Remote Code Execution] (SAFE): The skill does not download or execute any external scripts or packages.
- [Indirect Prompt Injection] (LOW): The skill is designed to process external specification documents (Ingestion point: User-provided specs in Phase 1; Boundary markers: Absent; Capability inventory: None; Sanitization: Absent). While it lacks delimiters to isolate user input from instructions, it possesses no tools or external capabilities that could be maliciously triggered.
- [No Code] (SAFE): This skill consists entirely of markdown instructions without any associated scripts or executable logic.
Audit Metadata