check-impl-against-spec

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE [PROMPT_INJECTION]
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from pull requests.
      • Ingestion points: Untrusted data enters the agent context through spec_context.md, pr_diff.txt, and pr_description.md (SKILL.md).
      • Boundary markers: Absent; no explicit delimiters or instructions are provided to the agent to ignore embedded instructions within the analyzed code or text.
      • Capability inventory: The skill is capable of writing findings to review.json and generating inline comments (SKILL.md).
      • Sanitization: Absent; no evidence of input validation or escaping of external content before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: May 20, 2026, 12:42 AM
Security Audit — agent-trust-hub — check-impl-against-spec