spec-generator
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user inputs, including text descriptions, uploaded files, and images, which creates a surface for indirect prompt injection.
- Ingestion points: The 'Process' section (Step 1) explicitly directs the agent to read all user-provided notes, existing documents, data models, wireframes, screenshots, and mockups.
- Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions to prevent the agent from obeying commands that might be embedded within the user-provided materials.
- Capability inventory: The skill is permitted to perform web searches and write files to the local directory /mnt/user-data/outputs/spec.md.
- Sanitization: There are no instructions provided to sanitize, escape, or validate content extracted from external inputs before it is used in the final specification or for web search queries.
Audit Metadata