spec-workflow

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed for documentation and project management. It defines a multi-phase process (Requirements, Design, Tasks, Execution) using markdown templates and standard instructional logic. No security threats were identified across any analyzed categories.
  • [PROMPT_INJECTION]: The instructions focus on structured output and user confirmation. There are no attempts to bypass safety filters, override core agent behavior, or extract system prompts.
  • [DATA_EXFILTRATION]: No network operations, credential harvesting, or access to sensitive system files (e.g., .env, .ssh) were detected.
  • [REMOTE_CODE_EXECUTION]: The skill does not perform package installations, remote script execution, or dynamic code evaluation. It strictly generates markdown documentation and task lists.
  • [COMMAND_EXECUTION]: No shell command execution or dynamic context injection patterns were found in the skill definitions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 12:54 PM