agent-spec-tool-first
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `agent-spec` binary if it is not already present on the system.
  - Evidence: `command -v agent-spec || cargo install agent-spec` found in `SKILL.md`.
  - This uses the official Rust package registry (crates.io) to fetch the tool.
- [COMMAND_EXECUTION]: The skill's primary functionality is built around executing the `agent-spec` CLI tool and version control commands.
  - Evidence: Execution of various subcommands including `agent-spec contract`, `agent-spec lifecycle`, `agent-spec guard`, and `agent-spec resolve-ai`.
  - Evidence: Interaction with Git and Jujutsu (jj) version control systems for checking file status and applying git trailers.
- [PROMPT_INJECTION]: The skill processes untrusted external data in the form of `.spec` files, which define the 'Contract' the agent must follow.
  - Ingestion points: Specification files (e.g., `specs/*.spec`) are loaded from the project directory.
  - Boundary markers: The workflow uses structured sections such as `Intent`, `Decisions`, `Boundaries`, and `Completion Criteria` to define constraints.
  - Capability inventory: The agent can run CLI commands, read/write files in the workspace, and interact with the repository's version control.
  - Sanitization: The skill implements a quality gate using `agent-spec lint` and `agent-spec parse` to validate the structure and clarity of the input specifications before they are acted upon.
Audit Metadata