spec-interview
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as intended for technical documentation refinement. It reads existing project files and interacts with the user to fill information gaps.
- [DATA_EXFILTRATION]: The skill accesses local design documents and project files to identify technical gaps, which is the core functionality. No exfiltration patterns to external domains were observed.
- [COMMAND_EXECUTION]: The skill instructions involve committing updated documents to version control, which is a standard developer workflow operation.
- [PROMPT_INJECTION]: The skill processes user-provided design documents (Ingestion points: target doc, design doc, plan.md), which constitutes an ingestion surface for indirect prompt injection. While no explicit boundary markers or sanitization steps are mentioned, the skill's capabilities are constrained to document analysis, user questioning via the AskUserQuestion tool, and writing/committing document updates.
Audit Metadata