specify-plan
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill instructions and referenced templates do not contain any malicious patterns such as prompt injection, data exfiltration, or unauthorized command execution.\n- [SAFE]: No external dependencies or remote code execution vectors were found. All references are to internal markdown files.\n- [SAFE]: The skill uses standard agent tools (Read, Write, Edit, etc.) for its intended purpose of document generation and management.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from PRD and SDD files to generate implementation plans.\n
- Ingestion points: Workflow steps in SKILL.md and context priming in template.md read documentation from the specDirectory (typically .start/specs/).\n
- Boundary markers: The skill uses structured templates for output but does not define explicit delimiters for untrusted input data.\n
- Capability inventory: The skill utilizes file system modification tools including Write, Edit, and TodoWrite.\n
- Sanitization: No content validation or escaping mechanisms are specified for the ingested documentation content.
Audit Metadata