implement
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses a data ingestion surface where it reads feature names and plans from local files (.specify/memory/plans/) and interpolates them into bash commands.
  - Ingestion points: Reads feature metadata from .specify/memory/plans/ and .stackshift-state.json.
  - Boundary markers: Absent; feature names are directly interpolated into shell variables.
  - Capability inventory: Executes git checkout, cat (to write files), git add, git commit, and git push via a bash sub-process.
  - Sanitization: No explicit sanitization of feature names is shown before their use in shell commands, which could theoretically lead to command injection if local state files are maliciously crafted.
- [Command Execution] (SAFE): The skill uses standard shell commands (git, cat) to manage the development workflow. This behavior is consistent with its primary purpose of setting up a development environment.
Audit Metadata