Skills
skills/kw12121212/slim-spec-driven/spec-driven-cancel/Gen Agent Trust Hub

spec-driven-cancel

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes ls to verify the existence of the .spec-driven/ directory and runs a Node.js script to list and delete changes.
  • [COMMAND_EXECUTION]: The skill utilizes scripts located via a relative path (../../dist/scripts) pointing outside its immediate directory.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection (Category 8) by incorporating file and directory names directly into shell command arguments.
  • Ingestion points: Change names are retrieved from the file system using ls and script output as described in SKILL.md.
  • Boundary markers: The instructions do not define delimiters for the ingested data or provide instructions to ignore embedded commands within the names.
  • Capability inventory: The skill is capable of executing shell commands and Node.js scripts through the agent.
  • Sanitization: There is no evidence of sanitization or validation performed on the <name> variable before it is passed to the shell for execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 26, 2026, 02:18 PM