Skills
skills/hunter-leo/llm-agent-oop-coding-skill/spec-coding-skill/Gen Agent Trust Hub

spec-coding-skill

Warn

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [DYNAMIC_EXECUTION]: The skill implements a mechanism to dynamically discover and execute other tools and agents. In references/01-initialization.md (Step 2) and references/06-start-and-resume.md (Step 0.5), the agent is instructed to scan the session context for skills and agent types matching specific functional descriptions (e.g., 'brainstorming', 'task completion'). It then recommends or directly invokes these discovered entities using the Skill tool (e.g., Skill(skill='oh-my-claudecode:team', ...)). This dynamic invocation pattern depends on potentially untrusted or deceptive skill descriptions in the environment.\n- [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it relies on instructions read from files within the project's .dev/ directory. Files like blueprint.md, tasks.md, plan.md, and init.md (referenced in references/00-agent-execution.md and references/06-start-and-resume.md) are used to drive the agent's actions. There are no boundary markers or instructions to sanitize or validate the content of these files, meaning an attacker who can modify these documents (e.g., via a Pull Request) can influence the agent's behavior during subsequent sessions.\n
  • Ingestion points: .dev/ directory documentation and project source files.\n
  • Boundary markers: Absent.\n
  • Capability inventory: File writing, shell command execution (git, package managers), and dynamic skill invocation.\n
  • Sanitization: None specified for internal documentation ingestion.\n- [COMMAND_EXECUTION]: The methodology involves frequent use of command-line tools for development workflows. Instructions in references/06-start-and-resume.md and references/08-coding-standards.md guide the agent to perform git operations (branching, commits) and use package managers such as uv, npm, yarn, or pnpm. These capabilities, while necessary for the skill's purpose, are driven by the task lists generated during the planning phases, which increases the impact if the task list is compromised.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 14, 2026, 08:29 AM