spec-stack
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches software components from the official GitHub repository for spec-kit (github.com/github) and standard package registries (PyPI) for tools like spec-kit and cli-anything-hub.\n- [REMOTE_CODE_EXECUTION]: The installation script contains a suggested command in an error message to install the 'uv' package manager via a remote shell script from its official domain (astral.sh) if it is missing from the system.\n- [COMMAND_EXECUTION]: Performs automated installation and orchestration using shell scripts and CLI tools including specify-cli, cli-hub, and ouroboros.\n- [PROMPT_INJECTION]: Processes external specification documents which creates an attack surface for indirect prompt injection.\n
- Ingestion points: Reads requirements and technical plans from files like
spec.md,plan.md, and the.specify/directory.\n - Boundary markers: No explicit delimiters or 'ignore embedded instructions' warnings are defined for processing these external documents.\n
- Capability inventory: Access to shell execution (Bash), file system operations (Read/Write), and network access (WebFetch) are available to the skill.\n
- Sanitization: Content from the specification documents is used directly in the verification loop without explicit sanitization or validation of embedded instructions.
Audit Metadata