spec-driven-dev
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): Automated security scanners identified a blacklisted malicious URL within the 'requirements.md' file. Per the safety guidelines, a confirmed detection on a file or URL requires a CRITICAL verdict. The content of the file itself was not included in this analysis; the verdict rests on the external detection, which indicates the presence of malicious infrastructure.
- PROMPT_INJECTION (LOW): The skill presents an indirect prompt injection surface (Category 8) because it defines how user-provided data is ingested into the agent's workflow.
  - Ingestion points: The 'assets/requirements-template.md' and 'assets/tasks-template.md' files are used to collect untrusted user specifications.
  - Boundary markers: There are no explicit delimiters or system instructions that isolate user-provided text from the agent's execution logic.
  - Capability inventory: The skill is designed to guide an agent through complex code generation and system design, tasks that involve writing code with potential file system and network access.
  - Sanitization: There is no evidence of input validation or sanitization that would prevent malicious instructions from being interpreted as valid system requirements.
- NO_CODE (SAFE): All files provided in this set are documentation and templates. No executable scripts, binaries, or active code components were detected in the provided file selection.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata