Skills
skills/wilddeer/specops/spec-step-review/Gen Agent Trust Hub

spec-step-review

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill identifies external project files as authoritative sources for execution instructions.
  • Ingestion points: Reads README.md, AGENTS.md, spec files, and research files to determine project conventions and setup (File: SKILL.md).
  • Boundary markers: Absent. The skill does not instruct the agent to use delimiters or ignore embedded instructions when reading these files.
  • Capability inventory: Executes git diff and, more critically, is instructed to run linters and tests as defined in the project documentation (File: SKILL.md, Section 3).
  • Sanitization: Absent. There is no validation of the commands extracted from project documentation before execution.
  • [COMMAND_EXECUTION] (MEDIUM): The process flow requires the agent to execute shell commands. While git diff is generally safe, the instruction to run linters/tests "per project docs" creates a dynamic command execution path controlled by the content of the files being reviewed.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 09:44 AM