speckit-specify
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands, including git fetch, git ls-remote, and a custom bash script located at .specify/scripts/bash/create-new-feature.sh. It also manages the creation and updating of specification and checklist files.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection and shell command injection due to unsafe input interpolation.
  - Ingestion points: User-provided descriptions enter via the $ARGUMENTS variable in SKILL.md.
  - Boundary markers: Absent; the input is interpolated directly into a bash command string without delimiters.
  - Capability inventory: The skill can execute local scripts and perform git operations, providing a path to filesystem and remote repository interaction.
  - Sanitization: Relies solely on natural language instructions for the agent to escape single quotes, which is insufficient to prevent command injection via characters such as ';', '|', or '&'.
- [EXTERNAL_DOWNLOADS]: The skill performs git fetch --all --prune, which initiates network connections to external git repositories.
Audit Metadata