Skills
AGENT LAB: SKILLS
skills/feiskyer/claude-code-settings/spec-kit-skill/Gen Agent Trust Hub

spec-kit-skill

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The script parses content from local markdown files to determine project status and phase.\n
  • Ingestion points: The script scripts/detect-phase.sh reads data from .specify/specs/*/spec.md and .specify/specs/*/tasks.md via grep.\n
  • Boundary markers: Absent. The script assumes specific markdown headers (e.g., '## Clarifications') and task list patterns to branch its logic.\n
  • Capability inventory: The script performs local file reads and executes version checks for the specify CLI tool. While limited, the output influences the agent's understanding of project state.\n
  • Sanitization: Absent. Data is extracted directly from files without validation or escaping.\n- External Downloads (SAFE): The documentation and script output suggest installing the specify-cli from github.com/github/spec-kit.git. This is provided as informational guidance for the user and is not an automated download or execution by the skill.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:01 PM