clarify-spec
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill workflow involves reading local project documentation (CLAUDE.md, AGENTS.md) and searching for files via glob patterns to gather context. This ingestion of untrusted local data represents a surface for indirect prompt injection where instructions hidden in those files could influence the agent's behavior.
  - Ingestion points: Local project files accessed via Phase 2 of the workflow (Context gathering).
  - Boundary markers: The skill does not specify the use of delimiters or 'ignore' instructions when reading file content.
  - Capability inventory: The skill generates structured JSON for the 'prompt-architect' tool and manages conversation logic; it does not directly execute system commands.
  - Sanitization: No methods for sanitizing or validating the content of retrieved files are defined.