speckit-implement
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes a local prerequisite check script located at .specify/scripts/bash/check-prerequisites.sh and performs git operations (git rev-parse). While these are standard for environment validation, they represent a command execution surface that relies on the integrity of the local repository environment.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) as it directly translates instructions from repository files into implementation actions.
- Ingestion points: The agent reads and parses tasks.md, plan.md, data-model.md, contracts/, research.md, and quickstart.md.
- Boundary markers: Absent. There are no instructions to the agent to ignore or sanitize instructions embedded within these data files.
- Capability inventory: High. The agent has the authority to create/modify files, update task lists, and initialize project configurations based on the input data.
- Sanitization: Absent. The workflow lacks a validation step to ensure that implementation tasks do not contain malicious instructions meant to subvert the agent's logic.
Audit Metadata