rs-spec

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local bash scripts (e.g., scan-spec.sh, scan-project.sh, validate-spec.sh) to perform project assessments and validate specification documents. These scripts are invoked from a relative path (../rs-shared/scripts/) within the local environment.
  • [DATA_EXPOSURE]: For projects with existing code, the skill reads source code components and configuration files to automatically derive specification details. This activity is restricted to reading local project files to fulfill its primary purpose.
  • [INDIRECT_PROMPT_INJECTION]: The skill analyzes untrusted source code from the project directory. While this presents an ingestion surface for indirect prompt injection, the skill's logic is focused on document drafting and validation through fixed scripts, mitigating potential impact.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 08:02 PM