screen-spec-generator
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands (`mkdir -p`) to create and organize the directory structure for documentation and screenshots within the project's `docs/screen_specs/` folder.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8) because it analyzes untrusted project files at runtime.
  - Ingestion points: The skill reads and parses `CLAUDE.md`, `pubspec.yaml`, and Flutter `.dart` source files to extract information about the application's UI and logic.
  - Boundary markers: No delimiters or "ignore" instructions are given to the agent, so nothing prevents it from following instructions embedded in code comments or string literals in the analyzed files.
  - Capability inventory: The agent can read project files, create directories, and write new Markdown and HTML files.
  - Sanitization: There is no evidence that content extracted from the source code is sanitized or filtered before it is interpolated into the final documentation templates.
- [DYNAMIC_EXECUTION]: The skill generates a custom command file at `.claude/commands/screen-spec.md`. This file acts as a persistent extension of the agent's capabilities, allowing it to re-run the documentation generation logic using the localized templates and instructions the skill provides.
Audit Metadata