spec-tasks
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The workflow triggers the execution of
.specify/scripts/bash/check-prerequisites.sh. Executing shell scripts is a high-risk capability as it can be used to perform unauthorized actions on the local system if the script content is malicious or manipulated. - PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection due to its ingestion of untrusted external data.
- Ingestion points: Untrusted data is read from
plan.md,spec.md,data-model.md, and thecontracts/directory. - Boundary markers: Absent. No delimiters are used to separate user data from agent instructions.
- Capability inventory: The skill can read and write local files and execute shell scripts.
- Sanitization: Absent. There is no validation or filtering of the ingested content before it influences the task generation process or setup script execution.
Audit Metadata