Skills
skills/aircury/ai-framework/spec-kit-tasks/Gen Agent Trust Hub

spec-kit-tasks

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill focuses on reading and writing local project artifacts within a specific directory structure (specs/changes/). It does not use external network calls, execute shell commands, or handle sensitive credentials.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted documentation files to generate a task list that guides future agent actions.
  • Ingestion points: Reads specs/changes/<name>/plan.md, specs/changes/<name>/spec.md, and optional checklist files.
  • Boundary markers: None identified in the loading logic.
  • Capability inventory: Limited to reading and writing local markdown files; no network or shell execution capabilities requested.
  • Sanitization: No specific content validation or escaping is applied to the ingested text before generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 09:18 PM
Security Audit — agent-trust-hub — spec-kit-tasks