spec-driven-apply
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled local JavaScript utility (spec-driven.js) with Node.js to manage task states and lists. It also directs the agent to run project-specific checks such as linting and unit tests, which means executing whatever commands the project's own test configuration defines.
- [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because it reads and follows instructions (tasks) defined in the project's .spec-driven/ directory. If a user opens a malicious repository, text in these files could attempt to steer the agent's behavior, and because the skill can also run project-defined shell commands, such instructions would have a command-execution path available to them.
- Ingestion points: Processes files such as tasks.md, proposal.md, and design.md from the .spec-driven/ directory.
- Boundary markers: No boundary markers or instructions to disregard embedded prompts are applied when these artifacts are read.
- Capability inventory: The skill can modify files in the repository, execute its own bundled script, and run project-defined shell commands for testing.
- Sanitization: The skill does not validate or sanitize the content read from the specification files before acting on it.
Audit Metadata