spec-workflow-init

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a variety of shell commands to perform project reconnaissance and environment discovery.
      • Evidence: Executes git rev-parse, ls, find, cat, and grep to identify package managers, CI/CD setups, databases, and existing coding guidelines in SKILL.md (Steps 1 and 2).
  • [COMMAND_EXECUTION]: The skill performs local file system operations to create configuration directories and write generated workflow files.
      • Evidence: Uses mkdir -p and file writing logic to initialize .claude/agents/ and .codex/agents/ directories and their respective configuration files in SKILL.md (Steps 4 and 6).
  • [SAFE]: The skill implements protective measures and follows secure development guidelines in its templates.
      • Evidence: The generated reviewer agent instructions explicitly include checks for SQL injection, XSS, command injection, and hardcoded secrets in references/agents/claude/workflow-reviewer.md.
  • [SAFE]: The skill ensures user oversight by requiring interactive confirmation for critical actions.
      • Evidence: Uses AskUserQuestion rounds to confirm output locations and provides warnings with confirmation prompts before overwriting any existing files in SKILL.md (Steps 3 and 5).
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 02:55 PM