spec-driven-spec-content

Warn

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill uses ls to verify project initialization and node to run management and verification scripts.
  • [REMOTE_CODE_EXECUTION]: The scripts component points to a relative path ../../dist/scripts outside the skill's directory. This results in the execution of code not contained within the audited package, which is an unverifiable execution pattern.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its data-processing workflow.
    ◦ Ingestion points: Reads .spec-driven/config.yaml, .spec-driven/specs/INDEX.md, and delta specification files from the project directory.
    ◦ Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the reading steps.
    ◦ Capability inventory: The agent can execute system commands and Node.js scripts based on the contents of the read files.
    ◦ Sanitization: There is no evidence of validation or sanitization of the specification content before it influences the agent's logic.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 30, 2026, 05:58 AM