spec-execute

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to parse and execute arbitrary PowerShell commands from the {FEATURE_DIR}/implementation/plan.md file. It lacks a security sandbox or validation layer to ensure the commands are safe or limited to the intended development scope.
  • [PROMPT_INJECTION]: The skill exhibits a significant vulnerability surface for indirect prompt injection.
    1. Ingestion points: {FEATURE_DIR}/implementation/plan.md (read and processed as the primary source of truth).
    2. Boundary markers: None; the instructions explicitly tell the agent to follow the tasks strictly without providing delimiters or warnings to ignore embedded malicious instructions.
    3. Capability inventory: Execution of arbitrary shell commands and broad file system access.
    4. Sanitization: No sanitization or escaping of task descriptions or command strings is performed before execution.
    This allows a corrupted or attacker-controlled plan file to redirect the agent's behavior.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 07:29 AM