spec
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a transparent and highly structured development workflow. Each phase is clearly defined in its own file (e.g.,
phases/requirements.md,phases/design.md) and uses templates to maintain consistency. - [COMMAND_EXECUTION]: During the implementation phase (
phases/impl.md), the skill identifies and executes local project verification commands (such as linting, type-checking, and running tests). These commands are discovered from standard project files likepackage.json,Makefile, orpyproject.toml, which is standard behavior for development-oriented AI agents. - [EXTERNAL_DOWNLOADS]: The discovery guidelines (
rules/discovery.md) recommend using documentation lookup, web search, and fetch tools to verify library APIs and third-party service contracts. This is conducted for research purposes to ensure design accuracy and is consistent with the skill's stated purpose of technical planning. - [PROMPT_INJECTION]: The skill uses subcommands (
/spec init,/spec requirements, etc.) and a routing mechanism inSKILL.mdto guide the agent's behavior. The instructions are professional and focused on the development process without any attempts to bypass safety filters or override system-level instructions. - [SAFE]: The skill includes a 'Self-Review via Subagent' pattern (
rules/self-review.md) which uses a fresh agent context to validate generated artifacts (like design or requirements documents) against specific quality criteria before they are presented to the user. This serves as a robustness and quality control measure.
Audit Metadata