sparc-methodology
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill invokes the @claude-flow/cli package using npx, which downloads and executes code from the public npm registry at runtime.
- [COMMAND_EXECUTION]: The skill executes local shell scripts to automate the development workflow. Evidence: scripts/sparc-init.sh uses mkdir and touch to initialize a project documentation structure. Evidence: scripts/sparc-review.sh performs file existence checks using standard shell conditionals.
- [PROMPT_INJECTION]: The skill's command templates in SKILL.md interpolate user-defined strings (such as requirements and features) into shell arguments, creating an indirect prompt injection surface. 1. Ingestion points: Placeholder variables [requirements], [feature], and [design] in the SKILL.md file. 2. Boundary markers: No delimiters or ignore instructions are used to wrap the injected content. 3. Capability inventory: Subprocess execution of external CLI tools and local scripts with filesystem write access. 4. Sanitization: No escaping or validation is performed on the user-provided data before it is passed to the command line.
Audit Metadata