specification-management

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Command Execution] (SAFE): The skill utilizes a local Python script (spec.py) for directory management and metadata generation. The script's operations are confined to the 'docs/specs' directory and it uses regex-based sanitization for new directory names to prevent path traversal. The use of 'bash' is restricted to executing this internal script.
  • [Indirect Prompt Injection] (SAFE): The skill processes user-provided context and decision rationales, which are stored in README.md files. This creates a surface for indirect prompt injection if the agent reads these files in future sessions. However, this is the primary intended function of the documentation management skill, and the risk is mitigated because the helper script only checks for file existence and lists names rather than executing file contents.
    • Ingestion points: README.md files in 'docs/specs/' directories
    • Boundary markers: None
    • Capability inventory: Read, Write, Edit, and Bash tools
    • Sanitization: The helper script sanitizes directory names using regular expressions
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:09 PM