create-spec

Pass

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns were detected. The skill's operations are limited to extracting information from the current conversation and writing it to local Markdown files under the specs/ directory.
  • [PROMPT_INJECTION]: The skill acts as an intermediary that processes user input into instructions for other agents, which constitutes an indirect prompt injection surface. This risk is inherent to its primary function of planning and task decomposition.
      • Ingestion points: User conversation context (referenced in SKILL.md Step 1).
      • Boundary markers: Absent; generated task files do not use specific delimiters to isolate user-provided content.
      • Capability inventory: Local file system write access (restricted to the specs/ path).
      • Sanitization: No explicit sanitization or validation of the conversation context is performed before it is written into the task templates.
Audit Metadata
Risk Level: SAFE
Analyzed: May 28, 2026, 05:50 PM