spec-driven

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security risks were identified. The skill is a comprehensive development utility focusing on requirements engineering and task execution.
  • [COMMAND_EXECUTION]: The skill executes shell commands for linting, typechecking, and running tests. These operations are standard for development workflows and are triggered based on the project's local configuration files (e.g., package.json).
  • [PROMPT_INJECTION]: The skill includes robust defenses against indirect prompt injection. In references/research.md, it defines a 'Content Trust Boundary' that explicitly instructs the agent to discard any directives or behavioral suggestions found in external web content and to only extract factual information.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes web search and documentation lookups for technical research. These activities are limited to its primary function and are governed by strict synthesis guidelines to ensure fetched content is sanitized before being used in specifications or plans.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 14, 2026, 02:14 PM