to-spec
Pass
Audited by Gen Agent Trust Hub on Jul 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill acts as a guided prompt for summarizing project needs into a standardized format.
- [COMMAND_EXECUTION]: Interactions with the project repository and issue tracker are consistent with the skill's primary function and do not involve unauthorized command execution.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes conversation context to generate content for an issue tracker.
- Ingestion points: Conversation history (SKILL.md)
- Boundary markers: Absent
- Capability inventory: Publication to project issue tracker
- Sanitization: Absent
- This represents a standard surface for indirect prompt injection, but is considered safe within the intended context of a documentation assistant. The command
/setup-matt-pocock-skillsis a recognized configuration resource from the author.
Audit Metadata