specify-factory
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it processes untrusted project documentation. This inherent risk is mitigated by a mandatory human-in-the-loop review process for all generated content.
  - Ingestion points: requirements.md, solution.md, and AGENTS.md.
  - Boundary markers: none explicitly defined for data interpolation, though markdown templates are used.
  - Capability inventory: file system read/write operations within the local spec directory.
  - Sanitization: no explicit sanitization of external content is described.
- [COMMAND_EXECUTION]: The skill generates executable test stubs based on the detected project environment. While this involves creating code from user-supplied documentation, the stubs are marked as pending/skipped and are not executed by the skill itself, requiring human verification.