specs-dev
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- No Code (SAFE): This skill consists of markdown-based instructions and templates for an AI agent. It does not include any executable scripts, binaries, or external dependencies.
- Command Execution (SAFE): The workflow involves running tests and linters as part of a standard development lifecycle, with no evidence of malicious intent or payload delivery.
- Indirect Prompt Injection (SAFE): The workflow processes user requirements but implements security mitigation by instructing a reviewer subagent to audit plans and code for vulnerabilities (defined in references/agents/reviewer.md). 1. Ingestion points: User requirements in Phase 1 (Discovery). 2. Boundary markers: Logical gates and review phases act as process boundaries. 3. Capability inventory: Code modification and local test execution. 4. Sanitization: Security-focused review cycles designed to identify injection and exposure.
Audit Metadata