specification-writing

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection in Step 10, where it aggregates drafted specification content and original user claims into a prompt for an external reviewer tool.
      • Ingestion points: The skill reads several user-provided or generated files from the patent/ directory (e.g., CLAIMS.md, INVENTION_DISCLOSURE.md).
      • Boundary markers: The prompt template in Step 10 lacks specific boundary markers or 'ignore embedded instructions' warnings when interpolating [all claims] and [all specification sections].
      • Capability inventory: The skill possesses high-privilege capabilities including Bash(*), Write, Edit, and the ability to invoke other Agent and Skill tools.
      • Sanitization: There is no evidence of sanitization or filtering of the user-provided text before it is inserted into the final review prompt.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool for project setup (Step 1) and file writing. It specifically instructs the agent to use cat <<'EOF' heredocs to handle large files, which is a defensive coding practice that prevents shell expansion of the file content, mitigating some command injection risks.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 10:11 AM