workflow-code-to-spec
Pass
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a potential indirect prompt injection attack surface common to development tools that process external data.
- Ingestion points: Reads local project configuration files (
docs/project-config.json), repository documentation, git diff outputs, and user-provided Product Backlog Item (PBI) descriptions. - Boundary markers: The instructions do not define explicit delimiters or 'ignore' instructions for the ingested data.
- Capability inventory: The skill can spawn subagents (
spawn_agent), write files to the documentation directory (docs/specs/), and execute specific local project scripts. - Sanitization: No explicit sanitization or validation of the ingested external data is mentioned in the skill instructions.
- [COMMAND_EXECUTION]: The skill references the execution of project-specific synchronization scripts.
- Evidence: Mentions running
npm run codex:syncas a synchronization step, which is a standard development practice for keeping generated files in sync. - [EXTERNAL_DOWNLOADS]: All referenced resources are internal to the project repository.
- Evidence: References file paths such as
docs/project-config.jsonanddocs/project-reference/docs-index-reference.md. No external network requests to untrusted domains were identified.
Audit Metadata