spec-kit-specify

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • PROMPT_INJECTION (HIGH): High risk of indirect prompt injection as untrusted user input is used to drive critical execution steps and document generation without sanitization or boundary markers.
      1. Ingestion point: Step 01 ('Treat the full user request as the feature description').
      2. Boundary markers: Absent.
      3. Capability inventory: Execution of 'create-new-feature.sh' and multiple file write operations.
      4. Sanitization: Absent.
  • COMMAND_EXECUTION (HIGH): In Step 03, the user-provided feature description is passed directly as a command-line argument to 'scripts/create-new-feature.sh'. This pattern is highly susceptible to shell command injection if the user request contains shell metacharacters.
  • COMMAND_EXECUTION (MEDIUM): The skill executes shell scripts using relative paths ('../../spec-kit/scripts/') to access resources outside the skill's own package, creating a dependency on the external file system layout that could be exploited in less isolated environments.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:26 AM