spec-code

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from multiple sources to guide its execution. Malicious instructions embedded in specification documents or GitHub issues could potentially manipulate the agent into performing unauthorized actions.
  • Ingestion points: The skill reads external content from requirement.md, design.md, tasks.md in the --spec directory, GitHub issue descriptions via gh issue view, and feedback files provided through the --feedback option.
  • Capability inventory: The agent has the authority to create and modify source code files and execute git commands to stage and commit changes based on the instructions found in the spec files.
  • Boundary markers: The execution flow does not specify delimiters or "ignore embedded instructions" warnings when interpolating the content of these external files into the agent's context.
  • Sanitization: There is no evidence of sanitization or validation of the content read from specification or feedback files before the agent processes them as requirements.
  • [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh issue view) and git commands (git commit) to interact with the project environment. While standard for development workflows, these points of execution are driven by the task descriptions and identifiers parsed from the tasks.md file.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 08:55 AM