spec-kitty-sync-plugin
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses a 'CRITICAL RULE' to explicitly instruct the agent to avoid simulation and instead perform live bash command execution. This acts as a directive to bypass standard agent safety protocols regarding simulated actions.
- [COMMAND_EXECUTION]: The execution protocol involves running multiple shell commands, including 'pip install', 'spec-kitty init', and local Python scripts ('sync_configuration.py', 'install_all_plugins.py'). These commands are used to manage the lifecycle of the framework within the project environment.
- [EXTERNAL_DOWNLOADS]: The skill upgrades the 'spec-kitty-cli' package from PyPI. This is a well-known service for package distribution, and the download is essential for the skill's primary function.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and 'reconciles' upstream templates and git diffs. If the upstream source contains malicious instructions, they could be ingested by the agent during the review process.
  - Ingestion points: Reads '.kittify/' templates and 'git diff' results (Step 3b.1).
  - Boundary markers: None provided to separate untrusted template content from instructions.
  - Capability inventory: The agent is authorized to modify skill files and execute local scripts.
  - Sanitization: The skill relies on agent-led manual reconciliation without automated validation or escaping of the ingested data.
Audit Metadata