spec-kit-checklist

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted data from local markdown files, which could contain malicious instructions aimed at overriding agent behavior.
    • Ingestion points: Reads the files spec.md, plan.md, and tasks.md under the specs/changes/ directory, as well as the root FRAMEWORK.md file.
    • Boundary markers: Absent. The skill does not use delimiters or instruct the agent to disregard instructions embedded within the audited content.
    • Capability inventory: The agent can read from and write to the local filesystem within the project directory scope.
    • Sanitization: Absent. There is no mention of validating or filtering the content ingested from the markdown files before it is processed.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 09:18 PM