speckit-task-grounding
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection surface. The skill ingests and processes untrusted documentation files (e.g., tasks.md, spec.md, plan.md) which could contain malicious instructions designed to influence the agent's validation report.
  - Ingestion points: The PowerShell script Validate-TaskGrounding.ps1 reads the full text of multiple markdown artifacts in the feature directory.
  - Boundary markers: The framework does not utilize specific delimiters or instructions to ignore or isolate embedded prompts within these artifacts.
  - Capability inventory: The skill utilizes file system access to read artifacts and generate reports using standard PowerShell commands.
  - Sanitization: Ingested content is processed using regular expressions and string matching, but no formal sanitization is applied before the content is interpolated into the final tasks.grounding.md report.
- [COMMAND_EXECUTION]: Local script utilization. The skill includes and instructs the agent to execute specific PowerShell scripts (Validate-TaskGrounding.ps1 and Aggregate-TaskGrounding.ps1) to perform task extraction, evidence searching, and result aggregation. These scripts use native PowerShell functions such as Get-Content, Out-File, and Select-String to interact with the local filesystem.
Audit Metadata