functional-spec-author
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to read and process untrusted files from a repository.
  - Ingestion points: SKILL.md workflow instructs the agent to inspect frontend entry points, state stores, API calls, and persistence layers.
  - Boundary markers: The instructions lack explicit delimiters or warnings to ignore instructions found within the analyzed files.
  - Capability inventory: The agent has the ability to read all files in the repository and write new markdown files (SKILL.md rules section).
  - Sanitization: There is no evidence of content sanitization or validation of the input data before processing.
- [DATA_EXFILTRATION]: The skill may lead to the exposure of sensitive data. By directing the agent to 'inspect... persistence, flags' and 'live config/data', the skill could cause the agent to read and process sensitive configuration details or environment variables if they are stored within the repository codebase.
Audit Metadata