spec-development
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill creates an attack surface for indirect prompt injection. Research data is sourced from external inputs and files to populate research.md and spec.md without any validation or boundary markers. Because the resulting spec is passed to an execution skill, malicious instructions embedded in the research sources can lead to high-privilege downstream exploits. Mandatory Evidence: 1. Ingestion points: User input and existing files during research. 2. Boundary markers: None. 3. Capability inventory: File creation and influence over downstream execution. 4. Sanitization: None.
Recommendations
- AI detected serious security threats
Audit Metadata