spec-init
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs local system operations using
gitand shell utilities to manage repository state and file structures. - Evidence: Both
spec-create-branch.shandspec-create-branch.ps1executegit checkout -b,git fetch, and file system commands likemkdirandrmto initialize the spec environment.- [PROMPT_INJECTION]: The skill processes untrusted requirement text provided by users, creating an indirect prompt injection surface. - Ingestion points: User-supplied text is written to a temporary file (
_sdlc-raw-temp.md) or read from a user-provided path via the$SourceFilePathparameter inscripts/spec-create-branch.ps1andscripts/spec-create-branch.sh. - Boundary markers: Absent; raw text is processed without delimiters or instructions to ignore embedded instructions.
- Capability inventory: The skill has permissions to create/delete files and manage git branches within the repository.
- Sanitization: Branch names and directory names are validated against a strict kebab-case regex in the bash implementation, but the content of the requirement text itself is written to
requirements/raw.mdwithout sanitization or filtering.
Audit Metadata