doc-spec-audit
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection because it processes external SPEC files to generate audit reports and to trigger follow-up actions.
- Ingestion points: Processes SPEC files located at 'docs/09_SPEC/SPEC-NN_*/...' as specified in the Execution Contract in SKILL.md.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to treat the content of the SPEC files as untrusted data or to ignore embedded instructions within them.
- Capability inventory: The skill executes other local skills ('doc-spec-validator', 'doc-spec-reviewer', 'doc-spec-fixer') and performs file-write operations to create 'SPEC-NN.A_audit_report_vNNN.md'.
- Sanitization: There is no evidence of content sanitization or validation of the SPEC file contents before they are incorporated into the audit reports or used to drive the workflow logic.
Audit Metadata