spec-setup
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands to discover the project environment and manage state.
  - Evidence: Uses `git rev-parse --show-toplevel` to identify the project root and `test -f` to check for existing configuration files (SKILL.md).
  - Evidence: Invokes `ccw spec init` and `ccw spec rebuild` to manage local project specifications.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted local project data to inform its setup process.
  - Ingestion points: Analyzes project structure and files (e.g., `package.json`, `requirements.txt`, `go.mod`) through a subagent (`cli_explore_agent`) to determine the technology stack and architecture (SKILL.md).
  - Boundary markers: The instructions provided to the subagent lack explicit delimiters or instructions to ignore potential commands embedded within the project files being analyzed.
  - Capability inventory: The skill has access to powerful tools including `Bash`, `Write`, `Edit`, and `spawn_agent`, which could be abused if the analysis phase is compromised.
  - Sanitization: There is no evidence of sanitization or validation of project-derived content before it is passed to the analysis agent.
Audit Metadata