specdev
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill implements a CLI tool for managing local project documentation. It performs routine file operations such as reading, writing, and moving files within a specialized
.specs/directory to track project progress. - [EXTERNAL_DOWNLOADS] (LOW): The Windows initialization script (
specdev.ps1) automatically executesbun installif thenode_modulesdirectory is absent. This is standard behavior for Node.js/Bun development tools to manage their own dependencies from the public npm registry. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests data from local markdown and YAML files. While this represents a surface for indirect prompt injection if an attacker modifies these project files, the tool handles the data as structured input for reporting and does not use it in executable contexts (e.g.,
evalor shell execution). - Ingestion points: Files located in
.specs/active/(specificallytasks.yaml,spec.md, andplan.md) are read viafs.readFileSync. - Boundary markers: The CLI outputs data to the agent as structured JSON, which helps the agent distinguish tool data from its own instructions.
- Capability inventory: The tool is limited to filesystem operations (
mkdir,writeFile,rename) within the project scope. It does not possess network or shell execution capabilities. - Sanitization: The tool uses a standard YAML parser (
yamlpackage) andJSON.parsefor input handling, ensuring data is processed according to strict schemas.
Audit Metadata