draft-spec
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user input (project descriptions and answers to its questions) to generate output, which is a surface for indirect prompt injection (Category 8). The risk is low and inherent to the skill's purpose as a documentation drafter.
- Ingestion points: The user's vision and responses to questions are absorbed and synthesized in SKILL.md.
- Boundary markers: No explicit delimitation or 'ignore instructions' markers are used when processing user input.
- Capability inventory: The skill has file-write capabilities (to .turbo/specs/) and the ability to trigger other agent skills and search tools (Step 2).
- Sanitization: There is no explicit validation or sanitization of the user-provided content before it is incorporated into the final specification document.
- [SAFE]: All file operations are restricted to the local project directory for documentation purposes, and network operations are limited to standard documentation lookups.
Audit Metadata