spec-to-code-compliance

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection, as its primary function is to ingest and analyze untrusted specification documents (including via remote URLs) and codebase content.
    ◦ Ingestion points: The trailofbits:spec-compliance command accepts a path or URL and a for processing.
    ◦ Boundary markers: While the skill lacks explicit technical delimiters for external data, it implements robust logic-based mitigations, including 'Zero speculation' rules, mandatory evidence citations (line numbers and quotes), and confidence score requirements, to prevent the agent from following instructions embedded in the audited data.
    ◦ Capability inventory: The skill's command utilizes powerful tools, including Bash, WebFetch, Read, and Write, which could be abused if an indirect injection successfully bypasses the agent's internal safety filters.
    ◦ Sanitization: The 'Universal Format Normalization' phase focuses on extracting content and removing layout noise but does not explicitly mention sanitization of potentially malicious instructions within the normalized text.
  • [EXTERNAL_DOWNLOADS]: The trailofbits:spec-compliance command is configured with the WebFetch tool, which allows the agent to download specification documents from arbitrary user-provided URLs.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 02:16 PM