speckit-plan
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill instructs the agent to execute shell scripts located within the repository's structure (.specify/scripts/bash/setup-plan.sh and .specify/scripts/bash/update-agent-context.sh). While these are intended for setup and context management, executing repository-provided scripts assumes the target environment is fully trusted.
- PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface (Category 8).
- Ingestion points: Reads data from specs/<feature>/spec.md and incorporates "User-provided constraints or tech preferences."
- Boundary markers: No explicit instructions are provided to the agent to delimit or ignore instructions that might be embedded within the specification files or user inputs.
- Capability inventory: The agent has the capability to execute bash scripts and write multiple markdown and schema files to the local file system.
- Sanitization: There is no mention of sanitizing or validating the content of the feature specs or user inputs before using them to drive the planning workflow.
Audit Metadata