scan-new-specs

Pass

Audited by Gen Agent Trust Hub on Jul 8, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses the GitHub CLI (gh) to list pull requests, view file contents, and query internal API endpoints to resolve engineer identities and documentation status.
  • [EXTERNAL_DOWNLOADS]: Fetches pull request metadata and specification file content (PRODUCT.md) from official warpdotdev repositories on GitHub.
  • [DATA_EXFILTRATION]: Transmits engineer names, email-resolved Slack IDs, and project summaries to the official Slack API (chat.postMessage) using an environment-provided bot token.
  • [PROMPT_INJECTION]: The skill processes untrusted content from PRODUCT.md files, which could theoretically contain instructions intended to manipulate the agent during the documentation generation phase.
  • Ingestion points: Reads external PRODUCT.md file content and pull request metadata from GitHub repos as described in SKILL.md.
  • Boundary markers: No explicit boundary markers or safety instructions are defined when passing data to the secondary write-feature-docs skill.
  • Capability inventory: Shell command execution (gh, curl), secondary skill invocation, and Slack messaging capabilities.
  • Sanitization: Employs jq to robustly encode and sanitize message payloads before transmission to external APIs.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 8, 2026, 07:54 PM
Security Audit — agent-trust-hub — scan-new-specs