tech-spec

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill processes untrusted data from the codebase and user input while possessing Write and Bash capabilities.
      • Ingestion points: SKILL.md (Workflow steps 1 and 2, and the /review-spec command which reads existing markdown files).
      • Boundary markers: Absent. There are no explicit instructions or delimiters used to ensure the agent ignores instructions that might be embedded in the files being reviewed.
      • Capability inventory: Write (used to create and modify tech specs in the docs/ directory) and Bash(git:*) (used for version control operations).
      • Sanitization: Absent. The skill reads and interprets file content directly for the purpose of analysis and review.
  • [Command Execution] (LOW): The skill requests access to the Bash tool with a restriction to git:*. While this restriction significantly reduces the attack surface compared to unrestricted bash, it remains a powerful capability that could be leveraged if the agent is successfully influenced by malicious content in a file it is reviewing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 09:08 AM