spec-loop-status
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes static Git commands (
git log --oneline -5andgit branch --show-current) to orientation purposes. These commands are non-destructive and do not accept dynamic user input. - [PROMPT_INJECTION]: The skill processes untrusted data from project files, creating a surface for indirect prompt injection.
- Ingestion points: Reads task files in
.agents/specs/and log entries inprogress.md. - Boundary markers: The skill does not define specific delimiters or instructions to ignore potential commands embedded within the files it reads.
- Capability inventory: Capabilities are limited to reading project files and executing local Git metadata commands.
- Sanitization: No sanitization or filtering of the file content is performed before the information is presented to the agent.
Audit Metadata