Skills
skills/moejay/modspec/modspec-implement/Gen Agent Trust Hub

modspec-implement

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from external specification and feature files.
  • Ingestion points: The skill explicitly instructs the agent to read files from the spec/ and features/ directories (SKILL.md).
  • Boundary markers: There are no instructions to use delimiters or ignore embedded instructions when reading these external files.
  • Capability inventory: The skill requires the agent to write implementation code to the local filesystem and execute test runners/feature suites (SKILL.md, Steps 4 and 6).
  • Sanitization: There is no mention of sanitizing, validating, or escaping the content of the .md or .feature files before the agent acts upon their instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 04:38 PM