spec-kit-tasks
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script
scripts/check-prerequisites.shto resolve feature paths and validate prerequisites. This is an expected operational step for the tool's intended functionality. - [EXTERNAL_DOWNLOADS]: The skill references documentation and templates from the official Spec Kit repository on GitHub, which is a well-known and recognized service for development resources.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting and processing external project files to generate output. This is a common pattern for design-to-task automation tools and is handled at a safe severity level given the skill's purpose.
- Ingestion points: Reads from
plan.md,spec.md,research.md,data-model.md,contracts/, andquickstart.mdwithin the feature specification directory. - Boundary markers: Absent; the workflow does not define specific delimiters or instructions for the agent to ignore potentially malicious instructions embedded in the input documents.
- Capability inventory: The agent has the ability to execute local shell scripts (
scripts/check-prerequisites.sh) and write files (tasks.md) to the local file system. - Sanitization: No explicit content validation or sanitization of the input documents is performed prior to processing.
Audit Metadata