speckit-implement
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill initiates a local prerequisite check by running
.specify/scripts/powershell/check-prerequisites.ps1and utilizes standard git commands (git rev-parse) to verify repository status. - [PROMPT_INJECTION]: The skill processes and executes instructions found in local project files, creating a vulnerability surface for indirect prompt injection.
- Ingestion points:
tasks.md,plan.md,data-model.md, and checklists in the.specify/or feature directory. - Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands within the ingested files.
- Capability inventory: The skill allows the agent to modify the file system (e.g., creating
.gitignore,.dockerignore) and execute arbitrary shell commands required by the implementation tasks. - Sanitization: The skill provides specific instructions to escape single quotes in user arguments (
$ARGUMENTS) to prevent command injection at the prerequisite check step.
Audit Metadata