spec-driven-review
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local Node.js script located at
scripts/spec-driven.jsto list changes and verify their status. This execution is confined to the skill's own package and is used for internal workflow management. - [DATA_EXFILTRATION]: The skill reads project configuration files, specifications, and source code files from the local filesystem to perform its review. This activity is restricted to the local environment and does not involve transmitting data to any external destination.
Audit Metadata