implement-spec
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by consuming external data from specification files (`specs/*.md`) and project configuration (`CLAUDE.md`) as authoritative instructions for its implementation logic.
  - Ingestion points: Files located at `specs/*.md` and `CLAUDE.md` within the repository.
  - Boundary markers: Absent; the skill is explicitly instructed that the 'spec is the source of truth'.
  - Capability inventory: The skill has the ability to write files, create Git commits, push to remote branches, and execute multiple shell commands via the Rust toolchain (`cargo`).
  - Sanitization: No validation or sanitization of the specification content is performed before the agent acts on the instructions.
- [COMMAND_EXECUTION]: The skill executes local shell commands including `cargo fmt`, `cargo clippy`, `cargo nextest`, and `cargo run`. While these are standard for Rust development, they are used to validate and execute code that the agent generates dynamically from potentially untrusted specifications.
Audit Metadata