agent-spec-estimate

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses the agent-spec CLI to extract contract parameters and historical data from local files.
  • [COMMAND_EXECUTION]: Provides a bash script for processing multiple specification files in a local directory.
  • [PROMPT_INJECTION]: Ingests untrusted specification files, which serve as a potential surface for indirect instructions.
      • Ingestion points: Local files are processed via agent-spec contract in SKILL.md.
      • Boundary markers: The skill does not define explicit delimiters to isolate file content.
      • Capability inventory: Local command execution using the agent-spec CLI tool.
      • Sanitization: No content validation or filtering of specification data is described.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 09:59 AM