spec-design
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is entirely focused on documentation generation and does not execute shell commands or perform network requests.
- [PROMPT_INJECTION]: The skill's instructions do not include any patterns intended to bypass safety guardrails, override agent roles, or extract system prompts. It uses instructional language to enforce a rigorous design process.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill accesses local project files such as requirements, ADRs, and component definitions. This behavior is necessary for its function and no network exfiltration patterns or sensitive credential exposures were detected.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from external project files which constitutes an attack surface.
- Ingestion points: Reads from
{FEATURE_DIR}/requirements/solution.md,project/memory/*,project/components/{module}.md, andproject/adr/{adr-id}.md. - Boundary markers: Absent; there are no instructions to use delimiters or warnings for external content.
- Capability inventory: Limited to file writes within the project's design directory. No network, subprocess, or code execution capabilities are defined.
- Sanitization: No explicit sanitization or validation of input data is mentioned, but the risk is minimized by the lack of execution-oriented capabilities.
Audit Metadata