speckit-constitution
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs file system operations (read/write) on project-specific configuration and documentation files within the .specify/, .claude/, .codex/, .gemini/, and .github/ directories. These operations are aligned with the stated purpose of maintaining project governance and template consistency.
- [DATA_EXFILTRATION]: No network operations or external data transfers were detected. The skill's scope is limited to the local repository environment.
- [PROMPT_INJECTION]: The instructions do not contain patterns intended to bypass safety filters or override agent behavior. While it processes user-supplied principles into documents, it lacks high-privilege capabilities (like network access or arbitrary code execution) that would typically elevate the risk of indirect prompt injection.
Audit Metadata