spec-kit-specify
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for local documentation and workflow management. It does not perform network requests, download external resources, or execute shell commands.
- [DATA_EXFILTRATION]: The skill manages specifications in a local directory (specs/changes/) which it notes should be gitignored, adhering to best practices for managing temporary or non-canonical project data. No data is sent to external servers.
- [PROMPT_INJECTION]: The skill processes user-supplied feature descriptions to generate specification documents. While this represents a surface for indirect prompt injection, the agent's actions are restricted to writing text within a Markdown template, which prevents exploitation of other system capabilities.
- [PROMPT_INJECTION]: Evidence Chain for indirect injection surface:
- Ingestion points: Feature description input processed in SKILL.md.
- Boundary markers: Markdown template structure used for the spec.md output.
- Capability inventory: Local file system writes to the 'specs/changes/' directory.
- Sanitization: Not explicitly implemented as the output is restricted to technology-agnostic documentation.
Audit Metadata