spec-driven-dev

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands like git for managing task-specific branches and worktrees. It also executes testing and linting tools as defined in the project's design documents to verify implementation tasks.
  • [PROMPT_INJECTION]: The skill processes specification documents which serve as the source of truth for its implementation logic. Although these documents represent an input surface for instructions, the workflow incorporates mandatory user approval checkpoints between the planning and implementation phases to ensure human oversight.
    • Ingestion points: Specification documents in .kiro/specs/ or .windloop/specs/.
    • Boundary markers: Absent.
    • Capability inventory: Local file modifications, git command execution, and execution of user-specified test/lint scripts.
    • Sanitization: None; the risk is mitigated through explicit user review gates defined in the phase protocol.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 07:40 PM