init
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by reading and displaying the content of an existing .specops.json file from the local project root. This could allow an attacker to influence agent behavior if the file contains hidden instructions.
  - Ingestion points: Reads the .specops.json file via the Read tool.
  - Boundary markers: The file's content is passed directly into the agent's context without delimiters or instructions to ignore potential commands within the data.
  - Capability inventory: The skill has access to tools for reading, writing, and editing files on the local filesystem.
  - Sanitization: The skill does not perform any validation or sanitization of the content retrieved from the configuration file before processing it.