leanspec-sdd
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists of instructional markdown files and a helper script that define a Spec-Driven Development workflow. The content is educational and functional for its intended use case with the LeanSpec toolset.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute specific LeanSpec CLI commands (e.g., `lean-spec board`, `lean-spec create`, `lean-spec validate`) and standard Git commands (e.g., `git worktree`). These commands are documented as the primary interaction method for the tool and do not involve unauthorized privilege escalation or persistence mechanisms.
- [REMOTE_CODE_EXECUTION]: The helper script `scripts/validate-spec.sh` executes a local Node.js script (`node bin/lean-spec.js validate`). This is a standard validation procedure for local projects and does not download or execute untrusted remote code.
- [EXTERNAL_DOWNLOADS]: References to external package managers (`npm`, `pnpm`) and official LeanSpec repositories or domains are documented neutrally. No suspicious downloads from unverified sources were found.
Audit Metadata