do-create-techspec

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE | PROMPT_INJECTION | NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes untrusted project data.
      • Ingestion points: The agent reads the full content of the feature PRD (prds/prd-[feature-slug]/prd.md) and performs a deep analysis of the project's source code files (Step 2 and Step 3).
      • Boundary markers: There are no specified delimiters or instructions to ignore potential commands embedded in the project files.
      • Capability inventory: The agent can read and write files within the project structure and has access to external research tools like Web Search and Context7 MCP.
      • Sanitization: No explicit sanitization or validation is applied to the ingested content before it is used to generate the tech spec.
  • [NO_CODE]: This skill consists entirely of markdown instructions and a template file, with no executable scripts or binaries included.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 18, 2026, 03:16 PM
Security Audit — agent-trust-hub — do-create-techspec