review-spec-auto

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted specification artifacts provided by the user, which presents a surface for indirect prompt injection.
      • Ingestion points: The skill resolves and reads a spec artifact path provided via user input (Workflow Step 2 and 3).
      • Boundary markers: Absent. The skill does not explicitly instruct the agent to ignore instructions embedded within the spec file.
      • Capability inventory: The skill has the capability to write markdown files to the local filesystem at docs/threads/<thread>/inbox/open/ (Output Artifact section).
      • Sanitization: Absent. There is no mention of escaping or validating the content of the spec before it is analyzed or referenced in the output report.
  • [SAFE]: The skill's operations are strictly local and read-only regarding the source material. It does not perform network operations, use external dependencies, or request administrative privileges.
  • [SAFE]: No obfuscation, persistence mechanisms, or dynamic execution patterns were detected in the instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 19, 2026, 08:32 AM