spec-writer

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The instructions follow a structured process for document generation and do not contain patterns attempting to bypass safety filters or override system constraints.
  • [DATA_EXFILTRATION]: No network operations or credential harvesting patterns were identified. The skill's primary function is local file creation based on user-provided brainstorming data.
  • [REMOTE_CODE_EXECUTION]: The skill does not download or execute external scripts. While it generates implementation prompts containing CLI commands as examples (e.g., 'php artisan test'), these are intended for manual or secondary agent use and are not executed by the skill itself.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied project descriptions to generate documentation.
  • Ingestion points: User input enters the context during the Phase 1 brainstorming process as described in SKILL.md.
  • Boundary markers: Planning prompts in references/planning-prompts.md utilize <SPEC> tags to encapsulate user-provided specifications, helping to distinguish user data from instructions.
  • Capability inventory: The skill's capabilities are limited to generating markdown documentation files. It lacks shell access, network permissions, or the ability to read sensitive system configuration files.
  • Sanitization: The skill does not apply custom sanitization to user input, relying on the underlying agent's safe handling of text data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 08:41 AM
Security Audit — agent-trust-hub — spec-writer