speckit-updater
Warn
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute PowerShell scripts using pwsh -NoProfile. This allows for broad command execution capabilities on the host system.
- [COMMAND_EXECUTION]: The instructions for the agent include hardcoded absolute file paths targeting a specific user's home directory (C:\Users\bobby\.claude\skills\speckit-updater\scripts\update-wrapper.ps1). This reveals local environment details and creates a dependency on a specific local path that could be leveraged for path-based attacks or indicate targeting.
- [EXTERNAL_DOWNLOADS]: The skill fetches templates and update information from the GitHub Releases API at runtime.
- [REMOTE_CODE_EXECUTION]: The skill is designed to download and apply updates to project files from a remote source (GitHub). If the downloaded content contains executable scripts or configuration files that the agent subsequently processes or executes, this constitutes a remote code execution vector.
- [PROMPT_INJECTION]: The skill relies on parsing specific markers ([PROMPT_FOR_APPROVAL], [PROMPT_FOR_INSTALL]) from script output and external data from GitHub. This creates a surface for indirect prompt injection where malicious content from the project files or the remote API could manipulate the agent's decision-making process or trigger the -Proceed flag without valid intent.
Audit Metadata