zero-doc-spec-coding
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It is designed to ingest untrusted data (PRDs, user requirements, and legacy code) and transform it into executable test scripts.
- Ingestion points: Requirements, PRDs, and legacy code files provided by the user in the prompt.
- Boundary markers: The skill instructions do not specify any delimiters or safety markers to differentiate between the agent's instructions and the content of the user-provided data.
- Capability inventory: The agent has the capability to generate source code and is intended to run a local Python script (
verify_spec_coverage.py) to validate generated output. - Sanitization: There is no evidence of sanitization or filtering of instructions that might be embedded within the user-provided requirements.
- [DATA_EXFILTRATION]: The script
scripts/verify_spec_coverage.pyperforms file system read operations using user-controlled paths (sys.argv[1]). While this allows the tool to read local files for verification, there are no network capabilities or exfiltration patterns detected in the provided scripts.
Audit Metadata