spec-generator
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands such as
pwd,ls,find,cat, andjqfor project discovery and context gathering. These commands are limited to information retrieval and directory exploration within the local environment. - Evidence: Found in
SKILL.md(First Steps section) and reference files (e.g.,references/init.md,references/tasks.md). - [PROMPT_INJECTION]: The skill processes user input and existing project files (e.g., source code, requirements) to generate documentation, which represents an indirect prompt injection surface. The behavior is inherent to the skill's purpose and is managed through structured interactions.
- Ingestion points: Reads project files including
requirement.md,design.md,coding-rules.md,CLAUDE.md,AGENTS.md, and discovered source files. - Boundary markers: Absent.
- Capability inventory: Shell commands for directory and file discovery (
ls,find,cat,jq). - Sanitization: No specific content filtering or sanitization of ingested file content is implemented.
Audit Metadata