speckit-implement
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill executes a repository-relative shell script, `.specify/scripts/bash/check-prerequisites.sh`. Because the script is sourced from the repository itself, a malicious repository can achieve arbitrary command execution on the host system.
- [PROMPT_INJECTION] (HIGH): Vulnerable to indirect prompt injection via `tasks.md` and `plan.md`. The skill ingests untrusted data from these files to drive implementation logic and file system modifications, without sanitization or boundary markers.
  - Ingestion points: `specs/<feature>/tasks.md`, `plan.md`, `data-model.md`, and `contracts/`.
  - Boundary markers: Absent. There are no instructions to delimit or ignore embedded commands in the source data.
  - Capability inventory: Write access to the codebase, local script execution, and dependency installation.
  - Sanitization: None detected.
- [REMOTE_CODE_EXECUTION] (HIGH): The workflow automates "Project Setup", including dependency initialization based on the repository's tech stack. Running package managers (e.g., npm, pip) against untrusted configuration files can lead to execution of malicious code.
Recommendations
- AI detected serious security threats
Audit Metadata