spec-decompose
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted external data (user-provided specification files) to drive its core logic.
- Ingestion points: The skill reads a user-provided file path containing high-level requirements or technical designs in the 'Read and understand the spec' phase.
- Boundary markers: There are no instructions for the agent to use XML tags, delimiters, or 'ignore embedded instructions' warnings when processing the contents of the specification file.
- Capability inventory: The skill has access to powerful tools including Bash, Write, and Edit, and it invokes other skills (/add-task, /split-task). A malicious spec could attempt to influence these tools via the agent.
- Sanitization: The instructions do not prescribe any validation, filtering, or escaping of the content read from the external document before it is used to plan or create tasks.
Audit Metadata