scan-new-specs
Pass
Audited by Gen Agent Trust Hub on Jul 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses the GitHub CLI (
gh) to list pull requests, view file contents, and query internal API endpoints to resolve engineer identities and documentation status. - [EXTERNAL_DOWNLOADS]: Fetches pull request metadata and specification file content (
PRODUCT.md) from officialwarpdotdevrepositories on GitHub. - [DATA_EXFILTRATION]: Transmits engineer names, email-resolved Slack IDs, and project summaries to the official Slack API (
chat.postMessage) using an environment-provided bot token. - [PROMPT_INJECTION]: The skill processes untrusted content from
PRODUCT.mdfiles, which could theoretically contain instructions intended to manipulate the agent during the documentation generation phase. - Ingestion points: Reads external
PRODUCT.mdfile content and pull request metadata from GitHub repos as described inSKILL.md. - Boundary markers: No explicit boundary markers or safety instructions are defined when passing data to the secondary
write-feature-docsskill. - Capability inventory: Shell command execution (
gh,curl), secondary skill invocation, and Slack messaging capabilities. - Sanitization: Employs
jqto robustly encode and sanitize message payloads before transmission to external APIs.
Audit Metadata