spec-miner

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its primary function is to ingest and analyze untrusted content from existing codebases.
    • Ingestion points: The skill uses Read, Glob, and Grep tools to systematically scan source code, configuration files (e.g., .env, settings.py), and documentation files (SKILL.md, references/analysis-process.md).
    • Boundary markers: Absent. The instructions do not specify any delimiters or warnings for the agent to ignore potentially malicious instructions embedded within code comments, string literals, or README files of the analyzed project.
    • Capability inventory: The skill has access to the Bash tool, which could be exploited to execute arbitrary commands if a successful injection occurs through the processed data.
    • Sanitization: Absent. The agent is instructed to ground observations in code evidence without a mechanism to filter or sanitize the content of the files being read.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 01:10 AM