spec-kit-implement
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a prerequisite script (scripts/check-prerequisites.sh) and coordinates the execution of implementation tasks as defined in project artifacts. This is a central feature of the workflow.
- [PROMPT_INJECTION]: The skill ingests and parses external documentation files (tasks.md, plan.md) to drive agent behavior. This creates an indirect prompt injection surface where instructions within these files could influence agent actions.
  - Ingestion points: tasks.md and plan.md (Workflow steps 3 and 5).
  - Boundary markers: No explicit delimiters or instructions to ignore embedded prompts are defined.
  - Capability inventory: Script execution, file modification, and implementation task processing.
  - Sanitization: No specific sanitization or validation of the input file content is documented.
- [DATA_EXPOSURE]: The skill is designed to update repository configuration files, specifically ignore files like .gitignore and .eslintignore, to ensure appropriate coverage for the active development stack.
Audit Metadata