spec-kitty-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard CLI tools (git, rsync, sed, python3) and specialized workflow tools (spec-kitty) to manage worktrees, sync files, and update task status. All executions are well-documented and part of the intended development workflow.
- [PROMPT_INJECTION]: Contains defensive instructions such as 'Anti-Simulation Rules' and an 'Escalation Taxonomy' which strengthen safety by requiring proof of execution and enforcing human-in-the-loop approval gates. These instructions are designed to prevent the agent from bypassing safety protocols or lying about work completion.
- [DATA_EXFILTRATION]: Performs
git push originto back up work-in-progress branches. This is standard behavior for the intended development workflow and uses established project configurations rather than unauthorized external endpoints. - [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were detected. The skill's behavior is consistent with its stated purpose of managing a technical workflow and includes robust mechanisms for user oversight.
Audit Metadata