spec-kitty-status
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the spec-kitty command-line tool to interact with the project's task management system. This tool is a vendor-owned resource provided by the author to support the skill's primary functionality.
- [PROMPT_INJECTION]: An indirect prompt injection surface was evaluated.
  - Ingestion points: Task descriptions and work package statuses retrieved from the project environment.
  - Boundary markers: None explicitly defined in the skill documentation.
  - Capability inventory: Execution of the spec-kitty CLI tool.
  - Sanitization: No explicit sanitization of task content was identified.
  The risk is considered minimal as the skill only performs read-only status display.
Audit Metadata