speckit-enhance
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute a specific local bash script located at
.specify/scripts/bash/create-enhance.sh. This script is part of the project's internal structure and its execution is triggered automatically when the skill is used. - [PROMPT_INJECTION]: The skill processes untrusted user input via the
$ARGUMENTSvariable to populate an enhancement plan. This creates a surface for indirect prompt injection where malicious instructions in the user input could be persisted in the generated document, potentially affecting downstream tools like/speckit.implement. - Ingestion points: User input is ingested from the
$ARGUMENTSplaceholder inSKILL.md. - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the prompt template.
- Capability inventory: The skill can execute shell scripts, read project files, and write to the local filesystem.
- Sanitization: There is no evidence of sanitization or validation of the user-provided enhancement description before it is interpolated into the plan.
Audit Metadata