Skills
skills/ahgraber/skills/spec-kit-clarify/Gen Agent Trust Hub

spec-kit-clarify

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes scripts/check-prerequisites.sh with specific flags to resolve necessary file paths for the specification analysis.
  • [EXTERNAL_DOWNLOADS]: The skill references templates and documentation from the official github/spec-kit repository; this is a well-known and trusted source for development tooling.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes user-controlled specification files.
  • Ingestion points: Content from spec.md is ingested to build an ambiguity coverage map.
  • Boundary markers: The skill lacks explicit delimiters or instructions to treat the specification content as untrusted data.
  • Capability inventory: The skill can execute local scripts and perform write operations to the file system.
  • Sanitization: No validation or sanitization of the input specification content is performed before processing or updating the file.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 13, 2026, 12:44 PM