grill-spec
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references and provides instructions to install an external dependency named
grill-mefrom a third-party GitHub repository (github.com/mattpocock/skills). While the skill correctly instructs the agent to seek user consent before installation, the source is an external repository. - [PROMPT_INJECTION]: There is a potential risk of indirect prompt injection as the skill processes external specification files.
- Ingestion points: Specification documents and design files (e.g.,
docs/design/*.md) mentioned in the skill instructions. - Boundary markers: No explicit delimiters or boundary markers are instructed for use when passing file content to the analysis tool.
- Capability inventory: The skill has the ability to invoke external tools (
grill-me) and modify local files based on the output. - Sanitization: The skill does not describe any sanitization or validation of the input file content before it is processed.
- [COMMAND_EXECUTION]: The skill is designed to invoke the
grill-metool with file paths as arguments. While intended for design analysis, this involves executing commands based on project file structures.
Audit Metadata