decompose
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill reads potentially untrusted instructions from external SPEC.md files and incorporates them into the task definitions for implementation agents, creating a risk of indirect prompt injection.
  - Ingestion points: Phase 1 (Intake) reads the provided SPEC.md file content.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are applied when extracting text from the specification.
  - Capability inventory: The skill can write to the local filesystem and execute internal scripts.
  - Sanitization: Input content is triaged for structure but is not sanitized for potential malicious instructions before being passed to downstream agents.
- [COMMAND_EXECUTION]: The skill executes a local schema validation script using the bun runtime. This execution is confined to the skill's own directory and a related local 'implement' skill path.
Audit Metadata