specs-finish-ticket

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions include a command for the user to install missing sibling skills using 'npx skills add b12consulting/skills'. This targets the vendor's own official repository and is a standard procedure for this skill framework.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes implementation code and documentation to generate review outcomes.
      • Ingestion points: project-level docs (e.g., Vision.md, PRD.md), ticket folders (Spec.md, Plan.md), and the application codebase.
      • Boundary markers: Not explicitly defined in the review instructions.
      • Capability inventory: Read access to the repository and write access to project documentation files such as Findings.md and Spec.md.
      • Sanitization: No validation or escaping of ingested codebase content is specified before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 6, 2026, 07:57 AM