agent-spec-authoring
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to check for and install the `agent-spec` CLI using `cargo install agent-spec` if the command is not found in the environment.
- [COMMAND_EXECUTION]: The workflow involves executing `agent-spec parse` and `agent-spec lint` shell commands to validate the quality and syntax of generated `.spec` files.
- [EXTERNAL_DOWNLOADS]: The agent is directed to fetch and install the `agent-spec` package from the public Rust crate registry (crates.io). This is identified as a vendor-provided resource for this skill.
- [PROMPT_INJECTION]: The skill processes external task descriptions and BDD scenarios provided by users, creating an indirect prompt injection surface where malicious instructions could be embedded in data.
  - Ingestion points: Processes user-provided task requirements and reads local reference patterns from `./references/patterns.md`.
  - Boundary markers: Utilizes structured Markdown headers (e.g., `## Intent`, `## Constraints`, `## Completion Criteria`) to separate different types of data within the specification files.
  - Capability inventory: Possesses the ability to execute shell commands (via `cargo` and the `agent-spec` CLI) and read local files.
  - Sanitization: No specific input validation or sanitization of the user-provided data is mentioned before it is incorporated into the spec files and processed by the CLI tools.
Audit Metadata