spec-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests instructions from project-level files such as AGENTS.md, CLAUDE.md, and markdown specifications to guide agent behavior. This creates a surface for indirect prompt injection, where malicious content in these files could influence the agent's actions.
  - Ingestion points: Files located at docs/specs/*.md, AGENTS.md, and CLAUDE.md.
  - Boundary markers: Uses file path references but lacks explicit content sanitization or isolation protocols for the data read from these files.
  - Capability inventory: The skill allows the agent to modify the file system and execute arbitrary shell commands defined in the plans.
  - Sanitization: No validation or filtering is performed on the instructions or commands retrieved from the project files.
- [COMMAND_EXECUTION]: The workflow involves the automated execution of 'validation commands' specified within markdown plan files. This design allows for the execution of arbitrary shell commands (e.g., test runners) based on external file content, which is a common but sensitive capability in development agents.
Audit Metadata