spec-implementation-plan
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a PowerShell block to identify the repository root and source a local environment configuration script (
spec-common.ps1). It also instructs the agent to generate specific PowerShell commands for implementation tasks within theplan.mdoutput. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from requirement and design documents to generate implementation plans that contain executable tasks.
- Ingestion points: Reads data from
{FEATURE_DIR}/requirements/solution.md,{FEATURE_DIR}/requirements/prd.md, and{FEATURE_DIR}/design/design.md. - Boundary markers: The skill does not use delimiters or safety instructions to wrap or isolate content interpolated from input files into the plan template.
- Capability inventory: The skill writes to the local file system (
plan.md) and generates shell commands intended for execution in subsequent workflow stages. - Sanitization: No validation, escaping, or filtering of the extracted text from requirement or design documents is performed prior to inclusion in the generated implementation plan.
Audit Metadata