review-requirements
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary purpose is to perform a qualitative review of requirements documents based on six dimensions (problem clarity, testable needs, constraint inventory, scope boundedness, requirement IDs, and open questions). This behavior is strictly analytical and text-based.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user data (the requirements document), which presents a potential surface for indirect prompt injection.
- Ingestion points: The input_schema in SKILL.md and agent.yaml accepts a document artifact (path or content).
- Boundary markers: There are no explicit delimiters or boundary markers defined in the prompt instructions to isolate the user-provided document from the analysis logic.
- Capability inventory: The skill lacks dangerous capabilities such as network operations, file system writes, or subprocess execution. Its only output is a text-based findings list.
- Sanitization: No input sanitization or escaping mechanisms are specified.
- [EXTERNAL_DOWNLOADS]: The skill references an overlapping skill from the same author (nesnilnehc/ai-cortex:analyze-requirements) in the README.md and agent.yaml. This is a legitimate vendor resource reference and does not involve downloading external code.
- [REMOTE_CODE_EXECUTION]: No remote code execution patterns, package installations, or dynamic script execution (eval/exec) were detected across any of the files.
Audit Metadata