speckit-analyze
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill executes a local shell script at
.specify/scripts/bash/check-prerequisites.sh. Executing scripts within the repository is a security risk if the script contains malicious logic or if input passed to the script is not correctly sanitized. - Evidence: Workflow Step 1 invokes
check-prerequisites.shwith flags like--jsonand--include-tasks. - Risk: The instructions specifically mention escaping single quotes in arguments (e.g., 'I'''m Groot'), indicating that dynamic or user-provided data is passed directly to the shell, which is a common vector for command injection.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to ingest and process content from
spec.md,plan.md, andtasks.md. Maliciously crafted instructions inside these files could manipulate the resulting analysis report or influence the agent's logic. - Ingestion points: Reads from
FEATURE_DIR/spec.md,FEATURE_DIR/plan.md, andFEATURE_DIR/tasks.md. - Boundary markers: No explicit delimiters or 'ignore embedded instructions' warnings are defined for the input content.
- Capability inventory: The agent has the ability to execute local bash scripts and generate reasoning-based reports.
- Sanitization: None identified beyond manual escaping of single quotes in shell arguments.
Audit Metadata