spec-specify
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill runs a local bash script (
.specify/scripts/bash/create-new-feature.sh) using user-provided feature descriptions as arguments. If the underlying script does not properly escape or sanitize the input within the JSON payload, shell metacharacters could be exploited to execute unauthorized commands. - [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection as it ingests untrusted natural language and interpolates it into specifications and checklists. 1. Ingestion points: Natural language feature descriptions in Step 1. 2. Boundary markers: Absent; input is directly filled into Markdown templates. 3. Capability inventory: Execution of local bash scripts and writing to the project file system. 4. Sanitization: No explicit validation or escaping of user input is performed before processing.
- [EXTERNAL_DOWNLOADS] (LOW): An automated scanner flagged the path
requirements.mdas a malicious URL. This appears to be a false positive identifying a local checklist file as a remote resource; however, the skill's reliance on external scripts in the.specify/directory should be independently verified.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata