speckit
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local Python scripts (scripts/init_spec_dir.py and scripts/validate_spec.py) to automate file system tasks such as directory creation and document validation. These scripts perform standard operations within the project's specs/ directory.
- [SAFE]: The skill maintains an ingestion surface for untrusted data through the /speckit.specify command, which processes user-provided feature descriptions to generate documents based on templates. This operation is limited to local file system management (writing markdown files) and lacks any dangerous capabilities such as network access or dynamic code execution. Boundary markers are present in the form of structured templates and markdown headers. No malicious behavior, obfuscation, or unauthorized access to sensitive data was detected.
Audit Metadata