speckit-checklist-zh
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Prompt Injection (SAFE): No instructions were found that attempt to bypass safety filters, override system prompts, or extract internal instructions.
- Data Exposure & Exfiltration (SAFE): The skill performs local file existence checks for documentation but does not access credentials or sensitive system paths, nor does it perform any network operations.
- Obfuscation (SAFE): All scripts and documentation are in plain text; no Base64 encoding, zero-width characters, or homoglyphs were detected.
- Unverifiable Dependencies & Remote Code Execution (SAFE): There are no external package installations or commands that download and execute remote scripts.
- Indirect Prompt Injection (SAFE): Although the skill processes external documentation files, it lacks dangerous capabilities like network access or file-writing that would make it vulnerable to exploitation.
- Dynamic Execution (SAFE): No use of eval, exec, or runtime compilation techniques was found.
Audit Metadata