leanspec
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the `leanspec` CLI tool for project management tasks, as well as standard development utilities like `pnpm` and `git` for verifying implementation results and checking project history.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it directs the agent to ingest and follow requirements, checklists, and acceptance criteria from local markdown specification files which could be manipulated by external contributors.
  - Ingestion points: Specification content is read via `leanspec view` and `leanspec search` commands as described in `SKILL.md` and `references/workflow.md`.
  - Boundary markers: The instructions do not specify the use of delimiters or warnings to ignore embedded directives when parsing specification content.
  - Capability inventory: Across its lifecycle, the agent has the ability to execute shell commands (`leanspec`, `pnpm`, `git`) and modify files in the project workspace.
  - Sanitization: The skill provides no mechanisms to sanitize or validate the content of the specifications before the agent interprets the requirements and checklists as actionable instructions.
Audit Metadata