cmd-speckit-analyze
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill accesses local project documentation artifacts such as spec.md, plan.md, and tasks.md. This access is restricted to the intended project scope and is necessary for performing consistency validation.
- [SAFE]: While the skill includes a remediation step to fix findings, this capability is explicitly gated by a requirement for user confirmation, preventing automated or unauthorized file modifications.
- [PROMPT_INJECTION]: The skill ingests data from untrusted local markdown files (ingestion points) without using boundary markers or sanitization. This is noted as an indirect prompt injection surface; however, the risk is mitigated because the tool only proposes edits that require manual user review and approval (capability inventory).
- [SAFE]: No obfuscation, remote code execution, or data exfiltration patterns were detected in the skill instructions. The behavior is consistent with the stated purpose of a documentation analysis tool.
Audit Metadata