spec-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill defines a set of purely instructional guidelines for a software development lifecycle (requirements, design, task planning). No malicious patterns, obfuscation, or dangerous command execution were detected.
- [NO_CODE]: The skill consists entirely of Markdown instructions and metadata. It does not include any scripts (Python, JavaScript, Shell) or binary executables, significantly reducing the attack surface.
- [COMMAND_EXECUTION]: While the skill mentions a 'Phase 4: Task Execution', it does not provide or mandate specific dangerous commands; it relies on the agent's general capabilities to fulfill the tasks broken down in Phase 3. The workflow requires explicit user confirmation at every phase, which acts as a manual security gate.
- [DATA_EXPOSURE]: The skill instructions involve writing project documentation and task lists to a local directory (
specs/). This behavior is transparent and aligned with the skill's stated purpose of software engineering documentation.
Audit Metadata