superspec-implementation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill extracts and executes shell commands directly from the tasks.md file based on specific tags (e.g., [TDD][VERIFY_RED], [NON-TDD][VERIFY]). The instructions explicitly state to 'run it exactly' for any command found after 'Run:' or 'Verify:', posing a significant security risk if the file contains malicious payloads.
- [REMOTE_CODE_EXECUTION] (HIGH): This represents a severe Indirect Prompt Injection surface.
  - Ingestion points: The skill reads task definitions and commands from tasks.md.
  - Boundary markers: No sanitization or boundary markers are used to isolate the commands from the rest of the file content.
  - Capability inventory: The skill possesses full shell execution capabilities to run tests, implementations, and validations.
  - Sanitization: There is no validation or escaping of the extracted command strings before execution.
- [DATA_EXFILTRATION] (MEDIUM): Because the skill can execute arbitrary commands, it could be coerced into reading sensitive local files (like .env or SSH keys) and sending them to an external server via common utilities like curl or wget if they are present in the task list.
Recommendations
- AI detected serious security threats
Audit Metadata