spec-plan
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it transforms untrusted project documentation into structured, executable plans.
  - Ingestion points: According to `SKILL.md`, the skill reads content from `{FEATURE_DIR}/requirements/solution.md`, `{FEATURE_DIR}/requirements/prd.md`, and `{FEATURE_DIR}/design/design.md`.
  - Boundary markers: The instructions do not define any delimiters or safety prompts to prevent the agent from following malicious instructions potentially embedded in the requirement files.
  - Capability inventory: While the skill only writes a Markdown file (`plan.md`), that file is specifically designed to contain shell commands for execution by subsequent tools in the SDLC pipeline.
  - Sanitization: There is no evidence of sanitization, validation, or escaping of the ingested text before it is interpolated into the final executable task list.
Audit Metadata