spec-driven-development

Warn

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill's instructions (spec-first.instructions.md) require installing the github/spec-kit CLI tool from https://github.com/github/spec-kit. This organization and repository are not on the explicitly trusted external sources list, so the tool is classified as an unverifiable dependency.
  • COMMAND_EXECUTION (LOW): The spec-author.agent.md file defines an agent with execute permissions. Its prompt instructions direct the agent to use /speckit.* commands, which are handled by the external CLI. If the agent's instructions are bypassed, this capability allows execution of arbitrary shell commands.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because of its data ingestion pattern.
    • Ingestion points: The skill reads user-controlled data from specs/{feature-id}/spec.md in .apm/prompts/clarify-spec.prompt.md.
    • Boundary markers: There are no protective delimiters, and no instructions to ignore embedded commands, when the specification files are read.
    • Capability inventory: The agent has read, edit, search, and execute tools, so malicious content in a spec file could trigger unauthorized system actions.
    • Sanitization: The specification file content is not sanitized or validated before it is processed.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 21, 2026, 04:24 PM