
eng-spec

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The README instructs users to install the skill from the author's GitHub repository (amit-t/skills) using an external CLI tool.
  • [COMMAND_EXECUTION]: The skill executes the shell command hq.sync-context as the final step of its workflow. Furthermore, it sources directory paths (PM_OS_DIR, UXD_OS_DIR) from a local project.conf file; if this configuration is maliciously modified, it could lead the agent to read sensitive system files (such as SSH keys or environment secrets) and include them in the generated specifications.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its ingestion of untrusted external data (PRDs and HTML prototype screens). This data is passed to five specialized sub-agents to drive the generation of engineering specifications without proper sanitization.
    • Ingestion points: PRD files and HTML/UX assets are loaded from directories defined in project.conf ($PM_OS_DIR and $UXD_OS_DIR).
    • Boundary markers: There are no delimiters or instructions provided to the sub-agents to distinguish between the skill's instructions and potentially malicious content within the ingested PRDs or HTML screens.
    • Capability inventory: The skill can write files to the project directory (outputs/tdds/, outputs/specs/) and execute shell commands (hq.sync-context).
    • Sanitization: No validation or escaping is applied to the data extracted from the external assets before it is used in prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 09:45 AM