speckit
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified in the /speckit.specify command. The skill ingests untrusted user feature descriptions and interpolates them into markdown templates which are subsequently used as the source of truth for planning and task generation.
  * Ingestion points: Untrusted description argument in /speckit.specify.
  * Boundary markers: Absent in assets/templates/spec-template.md.
  * Capability inventory: File system creation and writing via scripts/init_spec_dir.py.
  * Sanitization: No content validation or escaping is performed on the ingested description before it is written to the specification file.
- [DATA_EXFILTRATION]: Path traversal vulnerability in the scripts/init_spec_dir.py and scripts/validate_spec.py utility scripts. These scripts accept directory names and paths as command-line arguments and resolve them using pathlib without sanitizing for parent directory traversal sequences such as '..'. This could theoretically allow an attacker who can influence the command arguments to create or read files outside the intended specification directory structure.