Skills
skills/pradeepmouli/zod-to-form/speckit-deprecate/Gen Agent Trust Hub

speckit-deprecate

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local bash scripts (.specify/scripts/bash/create-deprecate.sh) with arguments derived from user input ($ARGUMENTS). This represents a potential command injection vector if the underlying execution environment does not properly sanitize shell arguments.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
  • Ingestion points: Untrusted data enters the context via the $ARGUMENTS variable and the output of the .specify/scripts/bash/create-deprecate.sh script.
  • Boundary markers: None are present to distinguish between instructions and data.
  • Capability inventory: The skill has the capability to execute shell scripts and write to the file system (DEPRECATION_FILE).
  • Sanitization: There is no evidence of sanitization or validation of the input before it is used in command execution or file writing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 06:47 PM