spec-kit-tasks
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to instructions embedded in `plan.md` or `spec.md` (untrusted data).
  - Ingestion points: `plan.md` and `spec.md` are loaded into the agent context in workflow steps 2 and 3.
  - Boundary markers: None; the agent is not instructed to ignore content within these files.
  - Capability inventory: Script execution (`check-prerequisites.sh`) and filesystem write (`tasks.md`).
  - Sanitization: None; external content is directly transformed into executable tasks.

  An attacker could influence the generated tasks or the prerequisite check phase.
- [Command Execution] (MEDIUM): The skill requires executing `scripts/check-prerequisites.sh`, which contains a pointer to an external script located at `../../spec-kit/scripts/check-prerequisites.sh`. Executing code from paths outside the skill's controlled environment is a significant security risk.
- [External Downloads] (LOW): References to the `github/spec-kit` repository are present. Since the `github` organization is not on the trusted sources list, these references are noted as unverified dependencies.
Recommendations
- AI detected serious security threats
Audit Metadata