Skills
skills/melodic-software/claude-code-plugins/speckit-workflow/Gen Agent Trust Hub

speckit-workflow

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection via its prompt templates defined in references/prompts-guide.md. \n- Ingestion points: Untrusted data enters the agent context through the {{feature_request}} variable in the Specify Phase, and potentially via {{constitution}} or {{codebase_context}} if those files are influenced by an attacker. \n- Boundary markers: The prompt templates lack structural delimiters (such as XML tags or unique markers) or specific instructions to the model to ignore embedded commands within the input variables. \n- Capability inventory: The skill is granted permissions to use Write, Edit, and Task tools, enabling it to modify the file system and execute tasks based on the output of injected prompts. \n- Sanitization: There is no evidence of escaping, validation, or filtering of external content before it is interpolated into the prompts.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 11:00 AM