auto-spec

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external input (feature requests) and repository data, which creates a potential surface for indirect prompt injection. Maliciously crafted requests or code comments could attempt to influence the specification generation or the execution of reconnaissance commands.
  • Ingestion points: Verbatim capture of the $request argument in Phase 0 and repository contents in Phase 1 (SKILL.md).
  • Boundary markers: None explicitly implemented; the skill relies on instructional grounding rather than technical isolation.
  • Capability inventory: The skill possesses Bash, Write, Edit, Read, and Workflow capabilities to perform its tasks.
  • Sanitization: No explicit sanitization or filtering of the input is performed before processing.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to explore the repository. This is an intended function for grounding requirements in reality but requires that the agent handle repository filenames and content safely during shell operations.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 09:15 AM
Security Audit — agent-trust-hub — auto-spec