spec-kit

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and installs the specify-cli tool directly from the official GitHub organization repository (github/spec-kit) using the uv or pipx package managers. It also references the official installation script for the uv tool from Astral's domain.
  • [REMOTE_CODE_EXECUTION]: The scripts/install.sh script automates the installation of the specify-cli from a remote Git repository. Additionally, the script contains documentation in the form of an informational message suggesting the use of a piped shell script (curl | sh) to install the uv package manager if it is missing from the environment.
  • [COMMAND_EXECUTION]: The skill uses bash and CLI commands to manage the SDD pipeline, including project initialization (specify init) and executing agent-specific command routines defined in the .specify/ directory.
  • [INDIRECT_PROMPT_INJECTION]:
  • Ingestion points: The skill processes project-specific data including constitution templates, requirements specifications, and task files stored in the .specify/ directory.
  • Boundary markers: None explicitly defined in the skill instructions to delimit untrusted user content from agent instructions.
  • Capability inventory: The skill has access to shell execution (Bash), file system modification (Write, Edit), and CLI tool execution (specify).
  • Sanitization: No explicit sanitization or validation of the processed specification files is performed before they are used to drive the agent's SDD pipeline.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 06:19 AM
Security Audit — agent-trust-hub — spec-kit