speckit-update
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill instructs the agent to clone the
github/spec-kitrepository. Since the 'github' organization is not included in the 'Trusted GitHub Organizations' list, it is classified as an external download from an unverified source. - COMMAND_EXECUTION (LOW): The workflow includes running bash or powershell scripts for validation. The risk is mitigated by explicit instructions to check diffs and maintain local guardrails (no branch operations).
- PROMPT_INJECTION (LOW): This skill is vulnerable to Indirect Prompt Injection due to the ingestion of external templates and commands. \n
- Ingestion points: External templates, commands, and scripts cloned from the spec-kit repository.\n
- Boundary markers: None provided in the instructions for the data processing step.\n
- Capability inventory: The agent can perform file writes, modifications, and shell script execution.\n
- Sanitization: The skill mandates manual diffing and grep-based verification of the downloaded content.
Audit Metadata