spec-implementation-execute
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to parse and execute arbitrary PowerShell commands listed in the {FEATURE_DIR}/implementation/plan.md file. It explicitly states it will execute tasks from this file as a 'Single Source of Truth'.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It ingests untrusted data from a markdown file and executes instructions found within.
- Ingestion points: {FEATURE_DIR}/implementation/plan.md and referenced design/requirement files.
- Boundary markers: None identified. The skill is instructed to strictly follow the steps in the plan without modification.
- Capability inventory: The skill can execute arbitrary PowerShell commands, create/modify files in the feature directory, and source local PowerShell scripts.
- Sanitization: No sanitization or validation of the commands extracted from the plan file is mentioned.
- [EXTERNAL_DOWNLOADS]: The skill sources a local script file skills\spec-context\scripts\spec-common.ps1 relative to the repository root. This is documented as a standard internal dependency within the agent's environment.
Audit Metadata