leanspec-sdd
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to execute various shell commands to manage development lifecycles and verify code integrity.
  - Evidence includes the use of `pnpm typecheck`, `pnpm test`, and `pnpm lint` for verification, as well as `git log` for checking progress (documented in `SKILL.md` and `references/workflow.md`).
  - The agent is also instructed to use the `lean-spec` CLI tool for project management tasks such as creating, updating, and validating specifications.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core design of reading and following instructions from project specification files.
  - Ingestion points: The agent reads specification files (Markdown with YAML frontmatter) from the `specs/` directory or project workspace to extract requirements and checklist items.
  - Boundary markers: There are no instructions provided to the agent to use delimiters or safety guards when parsing these files to distinguish between legitimate requirements and potential injection attempts.
  - Capability inventory: The agent has the authority to execute subprocess commands via `pnpm`, `git`, and the `lean-spec` CLI tool. Notably, the `lean-spec agent run <spec>` command (found in `references/commands.md`) implies a high degree of agency driven by spec content.
  - Sanitization: No sanitization or filtering of the natural language content within specs is mentioned; the agent is explicitly told to 'Follow spec's checklist items in order' and 'Mark complete only if implementation is verified'.
Audit Metadata