spec-driven-dev

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill automates version control operations using shell commands such as git commit, git merge, and git worktree to manage development tasks autonomously.
  • [PROMPT_INJECTION]: The skill processes untrusted local data (e.g., README.md, package.json, and source code) to generate development specifications, creating an entry point for indirect prompt injection.
    • Ingestion points: Reads local project files including README.md, manifest files (package.json, pyproject.toml), and existing source code to understand context.
    • Capability inventory: Executes shell commands for git operations and file system modifications across multiple scripts.
    • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when interpolating external file content into the agent's context.
    • Sanitization: No sanitization or validation of the content of the read files is performed before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 30, 2026, 03:30 AM