spec-driven-auto
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE (findings: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell command execution to facilitate its workflow. It uses `ls` to verify project initialization and executes a local utility script using `node {{SKILL_DIR}}/scripts/spec-driven.js`. Additionally, the skill is instructed to run the project's own test suite during the implementation and verification phases. These actions are consistent with the skill's primary function as a development automation tool.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8).
  - Ingestion points: The workflow involves reading external, potentially untrusted project data, including `.spec-driven/config.yaml`, specification markdown files, and the general project codebase.
  - Boundary markers: The instructions do not specify the use of delimiters or specific instructions to ignore embedded commands within the processed files.
  - Capability inventory: The skill has the capability to read/write files, execute a local Node.js script, and run project-defined tests.
  - Sanitization: There is no evidence of sanitization or strict schema validation for the external configuration or specification files being ingested.
- [SAFE]: The skill includes several security-positive constraints, such as mandatory complexity checks that reject changes involving authentication, authorization, or payment flows, and a mandatory user confirmation checkpoint before implementation begins.
Audit Metadata