spec-kit
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch the Spec Kit CLI and associated templates from the official GitHub repository of the 'github' organization (https://github.com/github/spec-kit.git) using the uvx package runner.
- [REMOTE_CODE_EXECUTION]: The initialization and setup workflow involves executing code directly from a remote Git repository via the `uvx --from git+https://github.com/github/spec-kit.git` command pattern.
- [COMMAND_EXECUTION]: The `/speckit.build` command is designed to generate implementation code from specifications and automatically execute test suites to verify the build progress on the local system.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it transforms natural language requirements provided via the `/speckit.specify` command into executable artifacts and code.
- Ingestion points: User-provided specifications and clarification responses provided via slash commands in the chat interface.
- Boundary markers: The skill documentation does not define specific boundary markers or instructions for the agent to ignore malicious directives embedded within the requirements text.
- Capability inventory: The skill possesses capabilities for file system writes, project initialization, and the execution of generated tests and code through the build pipeline.
- Sanitization: No explicit sanitization, validation, or safety filtering of the input specifications is mentioned in the instruction set.
Audit Metadata