spec-doc
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is vulnerable to Indirect Prompt Injection because it ingests untrusted data from the local file system without adequate sanitization or boundary markers.
  - Ingestion points: The agent performs a comprehensive scan of the codebase, including entry points, data models, public interfaces, and configuration files (Phase 1.2: Code Scan Strategy).
  - Boundary markers: The instructions lack specific delimiters or warnings to ignore instructions embedded within the source code (e.g., in code comments or string literals).
  - Capability inventory: The skill has broad file-read access to the directory and file-write access to the docs/ folder.
  - Sanitization: There is no logic to escape or validate content extracted from the code before it is interpolated into the final markdown specification.
- Data Exposure (SAFE): While the skill scans configuration files and environment variable definitions, it does so for documentation purposes. There are no network operations detected to exfiltrate this data.
Audit Metadata