spec-peer-review
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill follows secure development practices by utilizing explicit user prompts for important decisions and validating the structure of generated artifacts using a local script. It does not attempt to access sensitive system files or credentials. All bundled scripts are read-only templates and the process is designed to be agnostic to the host project.
- [COMMAND_EXECUTION]: The skill invokes several local commands to manage the review workflow:
- It executes
git statusto monitor for unexpected filesystem changes during the review process. - It runs a bundled shell script
scripts/validate-findings.shto ensure the integrity of the findings report. This script uses standard utilities likegrep,sed, andawkfor text validation. - It calls the
compozybinary to interface with external LLMs. Input parameters like--ideand--reasoningare validated against predefined sets of allowed values inSKILL.md. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes external specification files for review.
- Ingestion points: The contents of files targeted by
spec-pathand--context(inSKILL.md) are ingested into the context for the reviewer LLM. - Boundary markers: The skill uses structured templates with specific headers (e.g.,
CONTEXT FILES TO READ:,SCOPED-WRITE CONTRACT:) inreferences/peer-review-prompt.mdto separate instructions from data, which helps mitigate instruction confusion. - Capability inventory: The skill can write files to the local directory, execute local shell scripts, and invoke the
compozytool to send data to an external LLM provider (inSKILL.md). - Sanitization: No content filtering or escaping is applied to the specification data before it is interpolated into the prompt.
Audit Metadata