speccer
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests and processes unstructured data from users to create specifications and generate project issues, which could allow malicious instructions in the input to influence the agent's behavior.
- Ingestion points: Unstructured input such as bullet points, rough notes, and transcribed ideas entering the system in Phase 1 and updated in 'docs/spec.md'.
- Boundary markers: The skill lacks explicit boundary markers or instructions for the agent to ignore potentially malicious commands embedded within the user-provided notes.
- Capability inventory: The skill utilizes the Task tool for general-purpose sub-agents and the 'beads:create' skill to generate actionable issues based on the processed content.
- Sanitization: No sanitization, validation, or filtering of the user input is described before it is integrated into the specification document or used to populate issue parameters.
Audit Metadata