spec-product-demo

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill implements strict 'hard gates' (prerequisites) that require valid development context and specific input files before proceeding, effectively preventing accidental or unmapped execution.
  • [PROMPT_INJECTION]: The skill processes untrusted content from 'prototype.md' to generate UI code and application logic.
    1. Ingestion point: '{FEATURE_DIR}/requirements/prototype.md'.
    2. Boundary markers: Absent.
    3. Capability inventory: Writes code and assets to the filesystem.
    4. Sanitization: None specified.
    This constitutes a surface for indirect prompt injection where malicious instructions in the prototype could influence generated code.
  • [COMMAND_EXECUTION]: The skill manages filesystem operations by isolating output to a specific subdirectory and strictly forbidding the initialization of new project frameworks unless a path is verified, reducing the potential impact of environment contamination.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 09:06 AM