spec-driven-verify

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using ls and node to check directory existence and run internal logic scripts located in the {{SKILL_DIR}}/scripts/ directory. These scripts perform the bulk of the verification work.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from multiple files within the project's .spec-driven/ directory to generate its final report.
  • Ingestion points: SKILL.md reads content from .spec-driven/changes/<name>/questions.md, .spec-driven/specs/, .spec-driven/config.yaml, .spec-driven/changes/<name>/proposal.md, and various specification delta files.
  • Boundary markers: The skill does not use explicit boundary markers or instructions to ignore embedded commands when reading these external files.
  • Capability inventory: The skill possesses file-read capabilities and the ability to execute subprocesses via the node scripts.
  • Sanitization: There is no evidence of sanitization, filtering, or validation of the content read from the project files before it is interpreted by the agent to create the tiered report.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 02:18 PM