kspec-writing-specs
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the kspec CLI tool (a resource associated with the vendor kynetic-ai) to perform operations on local specification files. This includes commands such as kspec item add, kspec item set, kspec item ac add, and kspec validate to create and verify requirements and acceptance criteria. This behavior is consistent with the skill's primary purpose of managing local software specifications.
- [PROMPT_INJECTION]: The skill processes user-defined strings (such as feature titles, descriptions, and acceptance criteria) which are interpolated into CLI commands. This represents a surface for indirect prompt injection. However, the instructions encourage structured input (Given/When/Then format) and the use of the kspec tool for validation, which serves as a boundary for accidental or malicious input processing. The risk is considered minimal for this use case.
Audit Metadata