derive-spec
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill ingests and processes untrusted data from a codebase, which creates a surface for indirect prompt injection attacks where malicious code could attempt to influence the agent's output.
- Ingestion points: The orchestrator and subagents read all files within the user-defined source_root.
- Boundary markers: The skill does not explicitly instruct the model to use delimiters or sanitization when reading source file content.
- Capability inventory: The agent uses file system read operations, directory listings, and grep to inspect the codebase.
- Sanitization: No sanitization or validation of the ingested source code content is specified before it is incorporated into the notes or final document.
Audit Metadata