spec-kit-plan
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local shell scripts (
setup-plan.sh,update-agent-context.sh) to initialize the planning environment and sync context. The modification of agent instructions is gated by a mandatory user approval step to prevent unauthorized configuration changes. - [EXTERNAL_DOWNLOADS]: The skill references workflow documentation and templates from the official github/spec-kit repository.
- [DATA_EXFILTRATION]: The skill reads project specification files and writes design artifacts to the local repository. No external transmission of sensitive data or unauthorized network operations were identified.
- [PROMPT_INJECTION]: The instructions focus on document translation and technical design without attempting to bypass agent constraints or override core safety instructions.
Audit Metadata