implement-yolo
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill executes a local bash script located at `.specify/scripts/bash/check-prerequisites.sh`. While the script is local to the repository, automated shell execution is a capability that should be monitored for unauthorized modifications to the script file.
- PROMPT_INJECTION (LOW): An indirect prompt injection surface exists because the skill reads content from `tasks.md` and interpolates it directly into the prompt of a sub-agent task.
- Ingestion points: The skill reads `tasks.md` in Step 1 and Step 2.1.
- Boundary markers: None. The `{checkpoint_description}` is placed inside a string template without delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill can execute shell scripts, perform git commits, and trigger the `/speckit.implement` command recursively.
- Sanitization: No sanitization or validation of the text extracted from `tasks.md` is performed before it is passed to the sub-agent.
Audit Metadata