spec-product-clarify
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8) by ingesting data from external files to generate project documentation.
- Ingestion points: The skill reads from {FEATURE_DIR}/requirements/raw.md and various files under .aisdlc/project/ including memory and product indices.
- Boundary markers: There are no explicit instructions or delimiters used when reading these files to prevent the agent from following instructions embedded within the user-provided markdown content.
- Capability inventory: The skill has the capability to write to the filesystem (creating or updating raw.md and solution.md) and to call other system skills like spec-context and using-aisdlc.
- Sanitization: The skill does not perform validation or escaping of the content read from project files before processing or including it in generated outputs.
Audit Metadata