ai-review-techspec

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands via Bash to manage the Obsidian vault's git repository, including git add, git commit, and git push. It also uses git rev-parse --show-toplevel and basename to determine project paths.
  • [DATA_EXFILTRATION]: The skill performs a git push operation, which transmits the contents of the local Obsidian vault to a remote repository. While intended for synchronization, this constitutes a network send of local data.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted content from technical specifications (tech-spec.md) and product requirements documents (prd.md) stored in the vault. 1. Ingestion points: Technical specification and PRD files are read from the local filesystem. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when reading and analyzing the content of these external files. 3. Capability inventory: The skill has capabilities to read, write, and edit files, list directories, and execute git commands. 4. Sanitization: There is no evidence of sanitization or content validation before the agent processes the technical specifications.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 02:45 PM
Security Audit — agent-trust-hub — ai-review-techspec