spec-driven-dev
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (
gh) to automate issue management, including listing, creating, and modifying issues. These operations are essential for the GitHub provider's functionality. - [COMMAND_EXECUTION]: For Linear integration, the skill executes a local TypeScript script (
scripts/linear.ts) using thebunruntime. This is an intended mechanism for cross-skill communication. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests data from external sources like GitHub issue lists and local project specification files which could contain untrusted instructions.
- Ingestion points: Data is retrieved via
gh issue list, search results from the Linear skill, and markdown files within the configured specification directory. - Boundary markers: No explicit delimiters or boundary markers are defined in the instructions to isolate processed content.
- Capability inventory: The skill possesses the capability to execute shell commands (
gh), run local scripts (bun), and write/update files on the local filesystem. - Sanitization: No explicit sanitization or validation logic is present to filter or escape content retrieved from external trackers before processing.
Audit Metadata