workflow-code-to-spec

Pass

Audited by Gen Agent Trust Hub on Jul 5, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses a potential indirect prompt injection attack surface common to development tools that process external data.
  • Ingestion points: Reads local project configuration files (docs/project-config.json), repository documentation, git diff outputs, and user-provided Product Backlog Item (PBI) descriptions.
  • Boundary markers: The instructions do not define explicit delimiters or 'ignore' instructions for the ingested data.
  • Capability inventory: The skill can spawn subagents (spawn_agent), write files to the documentation directory (docs/specs/), and execute specific local project scripts.
  • Sanitization: No explicit sanitization or validation of the ingested external data is mentioned in the skill instructions.
  • [COMMAND_EXECUTION]: The skill references the execution of project-specific synchronization scripts.
  • Evidence: Mentions running npm run codex:sync as a synchronization step, which is a standard development practice for keeping generated files in sync.
  • [EXTERNAL_DOWNLOADS]: All referenced resources are internal to the project repository.
  • Evidence: References file paths such as docs/project-config.json and docs/project-reference/docs-index-reference.md. No external network requests to untrusted domains were identified.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 5, 2026, 06:07 PM
Security Audit — agent-trust-hub — workflow-code-to-spec