speckit-cleanup
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local bash script located at `.specify/scripts/bash/create-cleanup.sh`. This script is invoked using shell command strings where user input from `$ARGUMENTS` is directly interpolated. This creates a risk of command or argument injection if the input contains shell metacharacters or crafted flags.
- [COMMAND_EXECUTION]: The agent is instructed to perform file system operations including moving, renaming, and creating directories and files (e.g., `specs/bugfix/001-*`). While the skill claims to restrict these actions to the `specs/` directory, these capabilities could be misused if the agent is misled by malicious input.
- [PROMPT_INJECTION]: The skill ingests untrusted user data via the `$ARGUMENTS` variable and uses it to determine workflow behavior (dry-run vs. auto-fix) and as a parameter for shell execution. There are no boundary markers or explicit sanitization steps defined to prevent the agent from obeying instructions embedded within the arguments.
  - Ingestion points: `$ARGUMENTS` variable in SKILL.md.
  - Boundary markers: Absent.
  - Capability inventory: Local bash script execution (`.specify/scripts/bash/create-cleanup.sh`), directory moving, directory renaming, and file creation.
  - Sanitization: Absent; the skill relies on the agent's internal logic to parse arguments safely.
Audit Metadata