speckit-analyze
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The workflow executes a local bash script (
.specify/scripts/bash/check-prerequisites.sh) to verify the project state. While the script path is internal to the repository, executing shell scripts poses an inherent risk if the script or its environment is compromised. Additionally, the skill's instructions include logic for manual command-line argument escaping, which is a common precursor to shell injection vulnerabilities.\n- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) due to its core functionality of processing external data.\n - Ingestion points: The skill reads
spec.md,plan.md,tasks.md, andconstitution.mdfrom thespecs/directory and.specify/folder.\n - Boundary markers: Absent. The skill ingests markdown content directly into its context for semantic modeling without delimiters or instructions to ignore embedded commands.\n
- Capability inventory: The agent has the ability to execute bash scripts (via the prerequisite check) and read various files across the repository.\n
- Sanitization: No sanitization or validation of the ingested markdown content is performed before processing.
Audit Metadata