speckit-specify
Warn
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local shell script located at .specify/scripts/bash/create-new-feature.sh using the user's natural language feature description as a command-line argument. This creates a risk of command injection if the input is not perfectly sanitized by the agent before being passed to the shell.
- [PROMPT_INJECTION]: The skill processes untrusted user input (the feature description) and interpolates it into shell commands and file writes. There is a lack of robust boundary markers or sanitization steps to prevent indirect prompt injection, where a user could provide a description that overrides the skill's logic or forces the agent to perform unintended actions.
- Ingestion points: User-provided feature description (identified in Step 4.1).
- Boundary markers: Absent. The skill does not define delimiters to separate user input from system instructions.
- Capability inventory: Execution of bash/PowerShell scripts, directory creation, file writes to specs/, and Git operations (git fetch, git ls-remote).
- Sanitization: The skill provides minimal guidance to the agent on escaping single quotes for shell arguments, which is insufficient to prevent sophisticated injection attacks.
Audit Metadata