
spec-implement

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill workflow begins by executing a local shell script: .specify/scripts/bash/check-prerequisites.sh. This provides a direct path for executing arbitrary logic present in the skill's directory.
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It processes untrusted data to drive its core execution phase.
      • Ingestion points: Processes data from tasks.md, plan.md, and data-model.md to define implementation steps.
      • Boundary markers: Absent. There are no instructions to the agent to treat the content of these files as data rather than instructions, nor are there delimiters to separate task content from system instructions.
      • Capability inventory: The skill executes bash scripts, creates/modifies files across the project directory (e.g., ignore files), and performs implementation for multiple programming languages, which typically involves package management and runtime execution.
      • Sanitization: None detected. The agent is instructed to 'Parse tasks' and 'Execute' them directly without validation.
  • EXTERNAL_DOWNLOADS (MEDIUM): The technology patterns for Node.js, Python, Go, and Rust imply the use of package managers (npm, pip, etc.) during the 'Setup' and 'Integration' phases. If the tasks.md file is poisoned, it could lead to the installation of malicious third-party dependencies.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 05:11 AM