doc-tspec-validator
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local scripts (e.g., 'validate_utest.py', 'validate_all_tspec.sh') to perform document validation, quality scoring, and cross-document checks within the 'ai_dev_ssd_flow/' directory.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by processing untrusted Markdown documentation from the 'docs/10_TSPEC/' directory. This is highlighted by the inclusion of an '--auto-fix' flag, which grants the skill file-modification capabilities based on the analysis of these documents.
  - Ingestion points: Markdown files located in 'docs/10_TSPEC/'.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are defined.
  - Capability inventory: Execution of local validation scripts and modification of local files via auto-fix functionality.
  - Sanitization: No sanitization of input document content is specified in the skill logic.
Audit Metadata