spec-driven-dev
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses the Bash tool to execute TDD cycles and run local project tests such as npm run test. These actions are restricted to the local environment and are essential to the framework's stated purpose of feature development.
- [PROMPT_INJECTION] (LOW): This finding identifies a surface for Indirect Prompt Injection (Category 8). The skill reads and acts upon external data sources that could be controlled by an attacker.
  - Ingestion points: Untrusted data enters the agent context through the specs/ directory and the existing codebase via Read, Glob, and Grep tools.
  - Boundary markers: Absent. There are no delimiters or specific instructions to the agent to ignore executable instructions found within the specification requirements.
  - Capability inventory: The skill has significant capabilities, including Bash command execution and the ability to Write or Edit files across the project.
  - Sanitization: Absent. The skill is designed to faithfully implement requirements found in the spec files without sanitizing the input for instructional overrides.
Audit Metadata