Skills
skills/trevors/dot-claude/specifying-and-planning/Gen Agent Trust Hub

specifying-and-planning

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) to programmatically create issues, labels, milestones, and project boards. This behavior is documented and aligns with the stated purpose of automating project management workflows.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes external data from specification and requirement files to generate content for GitHub issues.
  • Ingestion points: Processes content from spec.md, requirements.md, tasks.md, and issues.md.
  • Boundary markers: No explicit delimiters are specified to isolate untrusted file content during processing.
  • Capability inventory: The skill possesses the ability to create and modify entities on GitHub via the gh command-line tool.
  • Sanitization: The skill uses shell heredocs with single-quoted delimiters ('EOF') to prevent shell-level command injection, although it does not provide natural language content sanitization for instructions embedded within the files.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 21, 2026, 07:18 PM