spec-driven-brainstorm
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Node.js scripts (spec-driven.js) to automate the creation and validation of project proposal artifacts. While the <name> parameter is user-influenced, the skill includes a constraint to suggest or use 'kebab-case' names, which mitigates standard shell injection risks.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of ingesting and summarizing untrusted project data and user ideas.
  - Ingestion points: Reads rough ideas from the user and existing project specification files from the .spec-driven/ directory (SKILL.md, steps 1 & 2).
  - Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present when reading external files.
  - Capability inventory: The skill possesses the ability to read project files, write new markdown artifacts to the file system, and execute local shell commands via Node.js (SKILL.md, steps 6, 7, & 8).
  - Sanitization: The 'kebab-case' rule for naming provides basic sanitization for the change name argument used in shell commands.
Audit Metadata