spec-driven-development
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill uses structured templates and guidance to align agent behavior with human expectations. It does not attempt to override system prompts or bypass safety filters.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or unauthorized data transmission logic. Notably, it includes a 'Never' boundary that explicitly forbids committing secrets.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill suggests standard development commands (e.g., npm run build) as examples for project documentation, but does not execute external scripts or download untrusted code.
- [Privilege Escalation] (SAFE): No commands related to acquiring elevated permissions or modifying restricted system files were found.
- [Persistence Mechanisms] (SAFE): The skill focuses on documentation and task management within a repository and does not attempt to install services or modify shell profiles.
Audit Metadata