spec-to-code-compliance
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is inherently vulnerable to indirect prompt injection (Category 8) due to its core function of processing untrusted external data sources.
  - Ingestion points: The skill explicitly instructs the agent to discover and normalize external documents (PDF, Markdown, DOCX, HTML) and codebase files in Phase 0 and Phase 1.
  - Boundary markers: There are no specific instructions or delimiters provided to the agent to treat instructions found within the audited documentation as data rather than instructions (e.g., a 'whitepaper' could contain a hidden instruction to the auditor to ignore certain files).
  - Capability inventory: The skill is designed for high-precision semantic analysis and reporting. While it does not explicitly invoke high-risk shell or network tools in the provided text, the platform capabilities available to the 'spec-compliance-checker' agent could be exploited if it obeys instructions inside the spec documents.
  - Sanitization: No sanitization, escaping, or validation steps for the content of processed documents are defined before the content enters the agent's context.
Audit Metadata