review-spec-auto
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted specification artifacts provided by the user, which presents a surface for indirect prompt injection.
- Ingestion points: The skill resolves and reads a spec artifact path provided via user input (Workflow Step 2 and 3).
- Boundary markers: Absent. The skill does not explicitly instruct the agent to ignore instructions embedded within the spec file.
- Capability inventory: The skill has the capability to write markdown files to the local filesystem at
docs/threads/<thread>/inbox/open/(Output Artifact section). - Sanitization: Absent. There is no mention of escaping or validating the content of the spec before it is analyzed or referenced in the output report.
- [SAFE]: The skill's operations are strictly local and read-only regarding the source material. It does not perform network operations, use external dependencies, or request administrative privileges.
- [SAFE]: No obfuscation, persistence mechanisms, or dynamic execution patterns were detected in the instructions.
Audit Metadata