ai-review-techspec
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands via Bash to manage the Obsidian vault's git repository, including
git add,git commit, andgit push. It also usesgit rev-parse --show-toplevelandbasenameto determine project paths. - [DATA_EXFILTRATION]: The skill performs a
git pushoperation, which transmits the contents of the local Obsidian vault to a remote repository. While intended for synchronization, this constitutes a network send of local data. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted content from technical specifications (
tech-spec.md) and product requirements documents (prd.md) stored in the vault. 1. Ingestion points: Technical specification and PRD files are read from the local filesystem. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when reading and analyzing the content of these external files. 3. Capability inventory: The skill has capabilities to read, write, and edit files, list directories, and execute git commands. 4. Sanitization: There is no evidence of sanitization or content validation before the agent processes the technical specifications.
Audit Metadata