create-spec
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected in the skill's instructions or logic. The skill follows its stated purpose of guiding a project discussion and writing a specification to a local file.
- [PROMPT_INJECTION]: The skill processes user-provided project ideas and discussion content to generate a specification file (.turbo/spec.md), creating a surface for indirect prompt injection.
- Ingestion points: User input during the 'Capture the Vision' and 'Deep-Dive Discussion' phases (SKILL.md).
- Boundary markers: Absent; the agent is not explicitly instructed to treat user input as untrusted data or use delimiters.
- Capability inventory: File writing to .turbo/spec.md (SKILL.md). No command execution or network operations are present.
- Sanitization: Absent; user input is synthesized directly into the final document.
Audit Metadata