skills/rsmdt/the-startup/specify-plan/Gen Agent Trust Hub

specify-plan

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection (Category 8) through its ingestion of external documentation.
  • Ingestion points: The initializePlan function in SKILL.md reads from product-requirements.md and solution-design.md located in the user-specified specDirectory.
  • Boundary markers: No specific delimiters or safety instructions are defined to encapsulate the content of the read files, potentially allowing instructions within those files to override the agent's logic.
  • Capability inventory: The agent has permissions for Write, Edit, and TodoWrite, which could be exploited by an injection to modify the filesystem or task tracking system.
  • Sanitization: The workflow lacks any sanitization or validation steps for the content of the specification documents before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 4, 2026, 11:27 AM