spec-add
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local utility commands
ccw spec initandccw spec rebuildto manage its internal specification index. These operations are restricted to the skill's specific environment and do not execute external or untrusted code.\n- [DATA_EXFILTRATION]: It accesses the directory~/.ccw/personal/within the user's home folder to store global preferences. This access is limited to the application's dedicated data folder and does not involve sensitive system files or network transmission.\n- [PROMPT_INJECTION]: The skill ingests user-supplied text to update project guidelines. While this creates a surface for indirect prompt injection—where future instructions could be influenced by current inputs—this is the fundamental purpose of the tool and is performed within the user's local context.
Audit Metadata