spec-peer-review

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill follows secure development practices by utilizing explicit user prompts for important decisions and validating the structure of generated artifacts using a local script. It does not attempt to access sensitive system files or credentials. All bundled scripts are read-only templates and the process is designed to be agnostic to the host project.
  • [COMMAND_EXECUTION]: The skill invokes several local commands to manage the review workflow:
  • It executes git status to monitor for unexpected filesystem changes during the review process.
  • It runs a bundled shell script scripts/validate-findings.sh to ensure the integrity of the findings report. This script uses standard utilities like grep, sed, and awk for text validation.
  • It calls the compozy binary to interface with external LLMs. Input parameters like --ide and --reasoning are validated against predefined sets of allowed values in SKILL.md.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes external specification files for review.
  • Ingestion points: The contents of files targeted by spec-path and --context (in SKILL.md) are ingested into the context for the reviewer LLM.
  • Boundary markers: The skill uses structured templates with specific headers (e.g., CONTEXT FILES TO READ:, SCOPED-WRITE CONTRACT:) in references/peer-review-prompt.md to separate instructions from data, which helps mitigate instruction confusion.
  • Capability inventory: The skill can write files to the local directory, execute local shell scripts, and invoke the compozy tool to send data to an external LLM provider (in SKILL.md).
  • Sanitization: No content filtering or escaping is applied to the specification data before it is interpolated into the prompt.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 01:01 AM
Security Audit — agent-trust-hub — spec-peer-review