specs-dev
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill instructions and associated subagent scripts do not contain any known malicious patterns, obfuscation, or instructions to bypass safety filters.
- [COMMAND_EXECUTION]: The workflow requires the agent to execute shell commands for git operations (committing tasks) and running project-specific test suites. These operations are standard for a development-focused tool and remain within the project's local scope.
- [PROMPT_INJECTION]: The skill uses a subagent architecture where worker and reviewer agents process content from local project files (e.g., plan.md, tasks.md, and handoff.md). This establishes an indirect prompt injection surface.
  - Ingestion points: references/agents/worker.md and references/agents/reviewer.md read handoff.md and plan.md to gain context.
  - Boundary markers: Absent; the skill relies on standard Markdown structure.
  - Capability inventory: File system read/write access, git commit capabilities, and local test execution.
  - Sanitization: Absent; the skill assumes that the project-specific planning files contain trusted development instructions.
Audit Metadata