Skills
skills/xbklairith/kisune/spec-driven-planning/Gen Agent Trust Hub

spec-driven-planning

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses ls and mkdir commands to organize feature directories in docx/features/, which is consistent with its stated purpose of documentation management.
  • [COMMAND_EXECUTION]: It employs curl as a tool for researching API documentation and exploring technical endpoints during the requirements and design phases.
  • [EXTERNAL_DOWNLOADS]: Web research is conducted using WebSearch and WebFetch to incorporate best practices and technical standards into the generated planning documents.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by ingesting external content from the internet to inform its planning output. Ingestion points include summaries written to requirements.md and design.md. The capability inventory includes file writes and network requests, but the risk is considered low and associated with the primary purpose of research.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 15, 2026, 12:45 AM