speckit-analyze
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The
scripts/check-prerequisites.shscript employseval $(get_feature_paths). Theget_feature_pathsfunction inscripts/common.shgenerates shell assignments based on the current git branch or environment variables likeSPECIFY_FEATURE. While variables are single-quoted, this pattern remains a minor risk if an attacker can manipulate the git environment to include single quotes in branch names, potentially leading to command breakout. - [PROMPT_INJECTION] (LOW): Category 8: Indirect Prompt Injection. The skill ingests untrusted data from project artifacts.
- Ingestion points:
spec.md,plan.md, andtasks.md(Step 2 inSKILL.md). - Boundary markers: Absent; the skill does not define delimiters to wrap external artifact content.
- Capability inventory: The skill uses subprocess execution for prerequisites and possesses read-only file access; no network or file-write capabilities are defined.
- Sanitization: No sanitization or validation of the content of the analyzed files is performed.
Audit Metadata