doc-tspec-validator
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's functionality is limited to validating local documentation files against predefined schemas. No suspicious behaviors such as obfuscation, exfiltration, or credential harvesting were identified.\n- [COMMAND_EXECUTION]: The skill defines commands to execute local validation scripts (e.g.,
python ai_dev_ssd_flow/10_TSPEC/scripts/validate_utest.pyandbash ai_dev_ssd_flow/10_TSPEC/scripts/validate_all_tspec.sh). These operations are confined to the project's repository and represent standard development environment tasks.\n- [DATA_INGESTION]: (Category 8 surface analysis) The skill processes markdown files located in thedocs/10_TSPEC/directory. While these files are untrusted inputs, the validation and 'auto-fix' logic is implemented in external scripts rather than via unconstrained LLM processing, which mitigates the risk of indirect prompt injection.\n - Ingestion points: Markdown documentation files within the
docs/10_TSPEC/project path.\n - Boundary markers: The instructions do not specify explicit delimiters to separate document content from agent instructions.\n
- Capability inventory: The skill can execute Python and Bash scripts which have the capability to read and modify local documentation files when the
--auto-fixflag is applied.\n - Sanitization: Validation is performed by dedicated scripts checking against a fixed schema; no specific sanitization of document text within the prompt instructions is documented.
Audit Metadata