speckit-implement
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local script at
.specify/scripts/bash/check-prerequisites.shand uses standard tools likegitto verify project state and manage repository-specific ignore files. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because its core logic and execution flow are determined by the contents of files like
tasks.mdandplan.md. - Ingestion points: The skill reads and parses multiple project files, including
tasks.md,plan.md,data-model.md, andresearch.md. - Boundary markers: There are no explicit instructions or delimiters used to separate user-provided task descriptions from the skill's operational instructions, which could allow malicious content in these files to influence agent behavior.
- Capability inventory: The skill can create or modify files (ignore files) and execute arbitrary implementation tasks defined in the project files.
- Sanitization: No sanitization or validation of the ingested file content is performed before it is integrated into the agent's prompt context.
Audit Metadata