skills/codervisor/lean-spec/leanspec/Gen Agent Trust Hub

leanspec

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it retrieves and processes content from external backends such as GitHub Issues, Jira, and Azure DevOps.
  • Ingestion points: Data enters the agent context through CLI commands like leanspec view, leanspec board, and leanspec search which query external platforms.
  • Boundary markers: The instructions do not provide explicit delimiters or instructions to the agent to treat retrieved specification content as untrusted data separate from its core instructions.
  • Capability inventory: The skill allows the agent to update project state (leanspec update), create new artifacts (leanspec create), and execute project-level shell commands (pnpm test, git log, etc.) during the implementation and verification phases.
  • Sanitization: There is no mention of sanitizing or escaping content retrieved from external backends before it is interpreted by the agent.
  • [COMMAND_EXECUTION]: The methodology relies on the execution of the leanspec CLI tool and other standard development utilities (git, pnpm, npm) to manage specifications and verify code changes. This involves starting local servers (e.g., leanspec ui) and running build/test scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 08:29 PM
Security Audit — agent-trust-hub — leanspec