spec-stack

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches software components from the official GitHub repository for spec-kit (github.com/github) and standard package registries (PyPI) for tools like spec-kit and cli-anything-hub.\n- [REMOTE_CODE_EXECUTION]: The installation script contains a suggested command in an error message to install the 'uv' package manager via a remote shell script from its official domain (astral.sh) if it is missing from the system.\n- [COMMAND_EXECUTION]: Performs automated installation and orchestration using shell scripts and CLI tools including specify-cli, cli-hub, and ouroboros.\n- [PROMPT_INJECTION]: Processes external specification documents which creates an attack surface for indirect prompt injection.\n
  • Ingestion points: Reads requirements and technical plans from files like spec.md, plan.md, and the .specify/ directory.\n
  • Boundary markers: No explicit delimiters or 'ignore embedded instructions' warnings are defined for processing these external documents.\n
  • Capability inventory: Access to shell execution (Bash), file system operations (Read/Write), and network access (WebFetch) are available to the skill.\n
  • Sanitization: Content from the specification documents is used directly in the verification loop without explicit sanitization or validation of embedded instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 06:19 AM
Security Audit — agent-trust-hub — spec-stack