review-spec
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill handles untrusted external content ($ARGUMENTS) without using delimiters or boundary markers, creating a surface for indirect prompt injection.
  - Ingestion points: Technical documents are passed to the tech-spec-reviewer subagent through the $ARGUMENTS variable.
  - Boundary markers: Absent; the prompt in SKILL.md does not use delimiters to isolate the document content from instructions.
  - Capability inventory: The skill can read files and execute git/node bash commands, providing a path for potential abuse if an injected instruction is followed by the agent.
  - Sanitization: No input validation or sanitization is implemented for the processed documents.
Audit Metadata