code-to-spec
Warn
Audited by Gen Agent Trust Hub on May 25, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to perform a deep scan of the project, including configuration files and environment variables. This process involves reading local files such as `.env` or system configuration files which may contain sensitive keys, secrets, or internal architectural details. Although no network exfiltration was detected, the access to these potentially sensitive files constitutes data exposure.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to ingest and process arbitrary content from a repository's files without clear isolation or sanitization.
  - Ingestion points: The agent reads project structure, config files, READMEs, test descriptions, and core logic files throughout the analyzed codebase in `SKILL.md` (Step 2: Deep Scan).
  - Boundary markers: There are no instructions or delimiters provided to distinguish between the agent's instructions and the content of the files being analyzed, nor are there instructions to ignore embedded commands.
  - Capability inventory: The agent has the ability to read all files in the project workspace and write the resulting documentation to a user-specified path in `SKILL.md` (Step 5: Save).
  - Sanitization: There is no explicit requirement for the agent to sanitize or validate the content of the analyzed files before including it in the final specification or using it to guide its reasoning.
Audit Metadata