spec-plan
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill invokes local bash scripts located at
.specify/scripts/bash/setup-plan.shand.specify/scripts/bash/update-agent-context.sh. Since the source code for these scripts is not provided within the skill definition, they represent an unverified execution vector that could perform arbitrary system operations. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8) as it processes data from external files.
- Ingestion points: Reads
spec.mdandconstitution.mdfrom the project directory. - Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands within the ingested files.
- Capability inventory: Execution of local bash scripts and the ability to generate/write multiple documentation files.
- Sanitization: Absent; the workflow does not include validation or escaping of the content read from the specification files.
Audit Metadata