spec-create
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill is primarily focused on generating markdown documentation and planning files within the local project structure.
- [COMMAND_EXECUTION]: The skill defines a protocol for generating implementation tasks that include shell commands (e.g.,
npm test,cargo test) for verification purposes. These commands are written to documentation files (tasks.md) rather than being executed by the skill itself. All generated content is subject to mandatory user approval gates before the documents are finalized. - [SAFE]: The skill implements automated normalization for feature names, stripping non-alphanumeric characters and converting to kebab-case. This practice effectively mitigates path traversal risks when creating directories and files in the
docs/features/location. - [SAFE]: The skill uses a multi-phase workflow with explicit human-in-the-loop checkpoints (approval gates). This ensures that any generated content, including technical decisions and implementation tasks, is reviewed by a human before being committed to the codebase.
Audit Metadata