speckit-taskstoissues
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local bash scripts (specifically
.specify/scripts/bash/check-prerequisites.sh) and standard git commands (git config --get remote.origin.url) to gather repository metadata. - [COMMAND_EXECUTION]: The instructions require the agent to dynamically construct shell commands using user-provided
$ARGUMENTS. While the prompt includes specific guidance on escaping single quotes (e.g., using'I'\''m Groot'), this pattern creates a potential shell injection surface if the LLM fails to sanitize input perfectly. - [PROMPT_INJECTION]: The skill explicitly directs the agent to consider user input before proceeding and uses that input to influence command-line arguments, which is a vector for manipulating the intended logic of the skill.
- [EXTERNAL_DOWNLOADS]: The skill utilizes the GitHub MCP server to create issues. This interaction targets GitHub, which is a well-known and trusted service provider.
Audit Metadata