spec-constitution
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill ingests untrusted data from the repository context and user input to generate documentation.
  - Ingestion points: .specify/memory/constitution.md, user input, and general repository context.
  - Boundary markers: None detected. The skill does not use delimiters or explicit 'ignore instructions' warnings when processing external repository context.
  - Capability inventory: Writing to multiple files including .specify/memory/constitution.md, .specify/templates/*.md, README.md, and quickstart.md.
  - Sanitization: No evidence of sanitization, escaping, or validation of input data before it is interpolated into templates or written to the filesystem.
- COMMAND_EXECUTION (LOW): The workflow involves automated file system writes to sensitive project files (README.md, templates). While this is the skill's stated purpose, the combination of reading untrusted data and writing to the project root creates a risk that a malicious file in the repository could cause the agent to overwrite or corrupt project documentation.
Recommendations
- AI detected serious security threats