cmd-speckit-checklist
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill accesses local project files such as spec.md, plan.md, tasks.md, and .specify/memory/constitution.md. These file reads are necessary for its primary function of generating checklists based on existing project documentation.
- [COMMAND_EXECUTION]: The skill instructs the agent to create new markdown files within the project directory. This file-writing behavior is the intended output of the skill.
- [INDIRECT_PROMPT_INJECTION]: The skill processes content from external files (spec.md, etc.) to produce its output. This creates a surface for indirect prompt injection if those files contain adversarial content, though this is a common risk for tools that process documentation.
Audit Metadata