doc-req-autopilot
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automates workflows by executing local Python and Bash scripts (e.g., validate_sys.py, validate_req_template.sh) within project-specific directories. These operations are intended for internal document processing and do not interact with sensitive system paths or external resources.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes SYS documents from docs/06_SYS/ to create REQ artifacts. (1) Ingestion points: SYS documents read from docs/06_SYS/ (2) Boundary markers: No explicit delimiters or instructions defined for requirement text interpolation (3) Capability inventory: File writing in docs/07_REQ/ and execution of local validation/traceability scripts (4) Sanitization: The skill implements structured parsing and validation of Module IDs and Requirement sequence numbers to maintain standard formats.
Audit Metadata