spec-driven

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes instructions for the user to install related methodology tools using npx via the command line.
  • [EXTERNAL_DOWNLOADS]: The documented npx command downloads resources from the b12consulting organization. This is a vendor-owned resource associated with the skill author.
  • [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface by instructing the agent to prioritize data from the specs/ directory as 'ground truth'.
      • Ingestion points: Files in the specs/ folder, such as README.md, Vision.md, PRD.md, and individual ticket documents.
      • Boundary markers: None mentioned; the agent is instructed to resolve conflicts by adhering to a 'Truth Hierarchy' defined by these external files.
      • Capability inventory: The agent is empowered to suggest code changes, update project documentation, and recommend command execution based on the contents of these documents.
      • Sanitization: No validation or sanitization of the documentation content is performed before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 6, 2026, 07:54 AM