skills/akillness/jeo-skills/spec-kit/Gen Agent Trust Hub

spec-kit

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the specify-cli tool from the official GitHub organization repository (github.com/github/spec-kit), which is a trusted source. It also provides installation commands via the author's repository on GitHub, consistent with vendor distribution practices.
  • [REMOTE_CODE_EXECUTION]: The scripts/install.sh file includes a documented instruction for installing the uv tool from astral.sh. Astral is a well-known technology provider, and the command is presented as an informative error message for manual setup rather than being executed automatically by the skill.
  • [COMMAND_EXECUTION]: The skill uses standard package managers and the specify CLI to perform project initialization and drive the development pipeline. These operations are within the expected scope of a development-oriented agent skill.
  • [DATA_EXPOSURE]: No unauthorized access to sensitive files or environment variables was detected. The skill primarily interacts with specification files and configuration within the local project directory.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:07 AM
Security Audit — agent-trust-hub — spec-kit