spec-driven-dev
Audited by Socket on Feb 16, 2026
1 alert found:

Obfuscated File

No direct indicators of malware or obfuscated/backdoor code were found in the provided spec-driven agent documentation. The primary security concerns are high-risk capabilities by design: arbitrary Bash execution, read/write access to repository files, and explicit examples of sending repository context to an external LLM (gemini). These raise data-exfiltration and code-execution risks if the tool is misconfigured or used on sensitive code.

Recommended mitigations: require explicit per-run consent before sending repository data externally; implement file redaction/allowlist logic (exclude secrets, .env, key stores) before any network call; restrict auto-invoke defaults (prefer opt-in); limit Bash execution to a supervised/sandboxed environment and show a preview of commands before they run; add logging/audit trails for external calls and executed shell commands; and document the safe defaults in specs/README.md. With these mitigations the tool can be used safely; without them, it increases supply-chain and data-leak risk.