speckit-tasks-zh
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill is configured to execute local environment check scripts (
check-prerequisites.shandcheck-prerequisites.ps1). While the provided PowerShell script is benign and focused on file discovery, the ability to run shell commands represents a potential risk if the scripts are modified by an attacker in the project repository. - PROMPT_INJECTION (LOW): The skill is vulnerable to Category 8 (Indirect Prompt Injection) as it processes various design documents (
spec.md,plan.md, etc.) provided in the project directory. Malicious instructions embedded in these documents could influence the agent's task generation process. - Ingestion points: Design documents located in
FEATURE_DIR(spec.md,plan.md,data-model.md,contracts/,research.md,quickstart.md). - Boundary markers: Absent. The skill lacks explicit instructions to treat the content of these files as data only or to ignore embedded commands.
- Capability inventory: Script execution (Bash/PowerShell), file reading, and writing to
tasks.md. - Sanitization: Absent. The skill extracts and interpolates text directly from documentation into the output template.
Audit Metadata