church-spec-gate
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'church' command-line utility for project management tasks. Specific operations include:
- 'church context load' for gathering repository data.
- 'church bible validate' for checking requirements against documentation.
- 'church ledger add' for recording missing work items.
- 'church lifecycle advance' for updating the project phase state. These commands are consistent with the skill's documented purpose as a specification gatekeeper.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted external data such as user-provided PRDs and implementation plans.
- Ingestion points: User-provided specs, PRDs, and implementation plans referenced in the 'Inputs' section.
- Boundary markers: Absent; the skill does not explicitly define delimiters for external content.
- Capability inventory: The skill has filesystem and lifecycle management capabilities via the 'church' CLI tool.
- Sanitization: None present in the instruction text. Although the surface exists, it is consistent with the primary function of reviewing documents.- [SAFE]: No indicators of data exfiltration, hardcoded credentials, obfuscation, or unauthorized remote code execution were found. All external tool references ('church' CLI) are associated with the vendor's own package name.
Audit Metadata