speckit-implement
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a repository-local bash script at `.specify/scripts/bash/check-prerequisites.sh` and runs `git` commands (e.g., `git rev-parse`) to determine project state. Running scripts from the repository assumes the repository environment and its local scripts are trustworthy.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as its core logic is driven by the contents of external markdown files.
  - Ingestion points: Reads implementation tasks and architectural requirements from `specs/<feature>/tasks.md` and `plan.md`.
  - Boundary markers: There are no markers or instructions used to distinguish between the skill's own logic and potentially malicious instructions embedded in the task files.
  - Capability inventory: The skill has the capability to execute shell commands (for setup and testing) and perform wide-ranging file system writes to the codebase.
  - Sanitization: The skill does not validate or sanitize the content of the tasks before attempting to execute the implementation steps described within them.
Audit Metadata