Skills
skills/ahgraber/skills/spec-kit-reconcile/Gen Agent Trust Hub

spec-kit-reconcile

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill runs a local shell script located at scripts/check-prerequisites.sh with specific flags to resolve file paths and repository status.
  • [PROMPT_INJECTION]: The skill incorporates untrusted data from user-supplied gap reports and repository files into the agent's context, creating an indirect prompt injection surface.
  • Ingestion points: Processes user-provided 'gap reports' and existing repository files such as spec.md, plan.md, tasks.md, and memory/constitution.md.
  • Boundary markers: The instructions do not define any delimiters or safety markers to separate ingested content from system instructions.
  • Capability inventory: The skill is capable of executing a local shell script and performing write operations on repository artifacts.
  • Sanitization: There is no evidence of input sanitization or validation of the text content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 13, 2026, 12:44 PM