skills/akiojin/skills/speckit-require/Gen Agent Trust Hub

speckit-require

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill instructs the agent to read markdown files (e.g., .specify/templates/commands/specify.md) and execute the scripts found within them. It also executes .specify/scripts/bash/check-prerequisites.sh. These files are part of a repository (GitHub Spec Kit) that is not in the trusted source list, leading to the execution of untrusted code.
  • [COMMAND_EXECUTION] (MEDIUM): The skill utilizes the rg (ripgrep) command to search through local specification files, which demonstrates direct shell interaction and command-line capability.
  • [PROMPT_INJECTION] (HIGH): The skill has a significant indirect prompt injection surface. It ingests untrusted data from spec.md and plan.md files to drive its core workflow.
      • Ingestion points: Processes external specification files and user input.
      • Boundary markers: Absent in the prompt logic.
      • Capability inventory: Can execute shell scripts, run rg, and perform file system write operations.
      • Sanitization: None detected. Malicious instructions embedded in the specification files could be interpreted as commands by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 10:04 AM