spec-checklist
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill's workflow automatically executes a local bash script, `.specify/scripts/bash/check-prerequisites.sh --json`, during the setup phase. Executing scripts from the skill directory can lead to arbitrary code execution on the user's machine if the script content is malicious or modified.
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its high-privilege capabilities combined with external data ingestion.
  - Ingestion points: The skill reads external files including `spec.md`, `plan.md`, and `tasks.md` to load context.
  - Boundary markers: Absent. The instructions do not define clear delimiters or instruct the agent to ignore instructions embedded within the loaded context files.
  - Capability inventory: The skill has the capability to execute bash scripts (via `check-prerequisites.sh`) and write new files to the filesystem (`FEATURE_DIR/checklists/[domain].md`).
  - Sanitization: Absent. There is no evidence of sanitization, filtering, or validation of the content read from the markdown files before it is used to influence the agent's behavior or file-writing operations.
Recommendations
- AI detected serious security threats
Audit Metadata