spec-kitty-implement

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes large external data blocks (Work Packages) that can exceed 1000 lines. The instructions explicitly direct the agent to look for and execute commands found at the end of this untrusted input.
      • Ingestion points: Output from the spec-kitty agent workflow implement command.
      • Boundary markers: None identified in the provided instructions to separate system instructions from the work package content.
      • Capability inventory: The agent is authorized to perform git operations (add, commit, worktree creation), write/edit files, and execute a local Python task CLI (.kittify/scripts/tasks/tasks_cli.py).
      • Sanitization: No sanitization or validation of the work package content is mentioned.
  • [COMMAND_EXECUTION]: The skill requires the execution of a local CLI tool (spec-kitty) and a specific Python script (.kittify/scripts/tasks/tasks_cli.py) to manage task states and file updates. While these appear to be internal workflow tools, they possess significant file system and git state manipulation capabilities.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 07:44 AM