speckit-baseline

Warn

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a bash script located at '.specify/scripts/bash/create-new-feature.sh'. This command runs script code directly from the repository's internal directories, which can lead to the execution of malicious logic if the codebase being analyzed is untrusted.
  • [REMOTE_CODE_EXECUTION]: The workflow relies on executing external scripts stored within the target repository. While these scripts are part of the vendor's automation pattern, their execution environment depends on the integrity of the code being processed.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it reads arbitrary source files to derive user stories and requirements.
    • Ingestion points: Step 2 reads file content from user-specified paths.
    • Boundary markers: The skill lacks instructions to delimit or ignore potential malicious prompts embedded in the source code.
    • Capability inventory: The agent can execute shell scripts and write to the filesystem.
    • Sanitization: There is no evidence of sanitizing or escaping code content before it is processed by the model for documentation generation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 6, 2026, 10:48 AM