spec-forge-journeys

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Flagged categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (IPI) because its core workflow involves reading and summarizing external data files.
    • Ingestion points: The agent retrieves data from journey artifacts (.yaml files) using the spec-forge-cli artifact get command.
    • Boundary markers: The instructions lack explicit boundary markers or directives to treat the content of the YAML files as untrusted data, increasing the risk that the agent might follow instructions embedded within those files.
    • Capability inventory: The agent has the ability to modify the local filesystem, merge artifacts, and advance the project stage using various spec-forge-cli subcommands.
    • Sanitization: There is no mention of sanitizing or validating the content of the journey artifacts before they are processed and summarized for the user.
  • [COMMAND_EXECUTION]: The skill's operation relies heavily on executing the spec-forge-cli utility with various arguments.
    • Evidence: The workflow involves running commands such as spec-forge-cli resolve, apply, artifact, approve, focus, gate, and stage advance with parameters (like --target <target-dir> and --spec-id <spec-id>) provided by the user.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 09:29 AM
Security Audit — agent-trust-hub — spec-forge-journeys