terraform-consumer-design
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes a local shell script at .specify/scripts/bash/validate-env.sh to verify credentials and environment state before initiating the design process.
- [COMMAND_EXECUTION]: Utilizes the GitHub CLI (gh) to create and modify issues, where parameters are derived from user-provided natural language input.
- [PROMPT_INJECTION]: Ingests untrusted natural language requests from users to populate structured GitHub issue templates and guide subagent tasks, creating a surface for indirect prompt injection.
  - Ingestion points: User infrastructure requests are captured via the $ARGUMENTS variable and mapped to multiple template fields (e.g., infrastructure_components, project_name).
  - Boundary markers: The instructions do not define delimiters or specific 'ignore embedded instructions' warnings when processing user input.
  - Capability inventory: The agent can execute local bash scripts, perform Git operations, use the gh CLI, and invoke various subagents (speckit.specify, speckit.plan, etc.) to generate technical artifacts.
  - Sanitization: There is no evidence of sanitization, escaping, or validation of user-provided strings before they are incorporated into commands or subagent prompts.
Audit Metadata