skills/jei-skappa/skills/derive-spec/Gen Agent Trust Hub

derive-spec

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests and processes untrusted data from a codebase, which creates a surface for indirect prompt injection attacks where malicious code could attempt to influence the agent's output.
      • Ingestion points: The orchestrator and subagents read all files within the user-defined source_root.
      • Boundary markers: The skill does not explicitly instruct the model to use delimiters or sanitization when reading source file content.
      • Capability inventory: The agent uses file system read operations, directory listings, and grep to inspect the codebase.
      • Sanitization: No sanitization or validation of the ingested source code content is specified before it is incorporated into the notes or final document.
Audit Metadata
Risk Level: SAFE
Analyzed: May 20, 2026, 10:27 PM
Security Audit — agent-trust-hub — derive-spec