Skills
skills/jh941213/my-cc-harness/spec-verify/Gen Agent Trust Hub

spec-verify

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the content of the specification file.
  • Ingestion points: The subagent reads data from the user-controlled SPEC.md file into its context.
  • Boundary markers: The prompt provided to the subagent does not utilize delimiters or specific instructions to ignore embedded commands or differentiate between system instructions and file content.
  • Capability inventory: The agent has access to file system tools (Read, Grep, Glob) and the subagent is tasked with code implementation based on the review.
  • Sanitization: No sanitization or validation of the specification file's content is performed before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 04:21 PM