lightspec-loop
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill directs users to install from an untrusted GitHub repository (viteinfinite/skills), which is not on the verified list of trusted organizations or repositories.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection (Category 8). 1. Ingestion points: The full text of the LightSpec task is pasted into the subagent prompt in implementer-prompt.md. 2. Boundary markers: No delimiters or warnings are used to prevent the subagent from following instructions embedded within the spec. 3. Capability inventory: The subagent can modify the codebase, run tests, and archive specs. 4. Sanitization: The specification content is not sanitized or escaped before being interpolated into the prompt.
Audit Metadata