spec-document-reviewer
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill does not contain any executable code, network operations, or persistent mechanisms. It functions as a text-to-text prompt template for reviewing documents.
- [PROMPT_INJECTION]: The skill processes external, potentially untrusted data including RFC drafts and issue descriptions. This creates a surface for indirect prompt injection.
- Ingestion points: Data is ingested via orchestrator-provided inputs including , , and in SKILL.md.
- Boundary markers: The instructions utilize XML-like tags to delimit inputs from instructional text.
- Capability inventory: The skill is explicitly restricted to a read-only state, forbidding tool calls, API mutations, and file system modifications.
- Sanitization: There is no explicit sanitization or escaping of the processed content, but the lack of executable capabilities and the read-only constraint effectively neutralize exploitation risks.
Audit Metadata