speckit-baseline
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): Automated URLite scans flagged a malicious URL associated with the requirements.md file, which is a core template/output managed by this skill. This represents a confirmed detection of a malicious reference within the skill's context.
- COMMAND_EXECUTION (MEDIUM): The skill's workflow includes the execution of a repository-local bash script (.specify/scripts/bash/create-new-feature.sh). Executing scripts provided within the repository context can lead to arbitrary code execution if the repository is untrusted.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its core functionality of reading and summarizing untrusted source code.
- Ingestion points: Local source files and directories specified by the user (SKILL.md, Step 2).
- Boundary markers: Absent; there are no instructions to the agent to treat input code as data only or to ignore embedded instructions.
- Capability inventory: File system write access and execution of shell scripts via the .specify/ directory.
- Sanitization: Absent; while the skill attempts to abstract implementation details, it does not sanitize input code for potentially malicious LLM instructions hidden in comments.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata