cmd-speckit-implement
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run "available test and lint commands" to verify implementation. This is a routine part of a software development workflow and is confined to the user's local environment tools.
- [SAFE]: The skill operates on local project artifacts (e.g., tasks.md, plan.md, spec.md) to guide the implementation phase. It follows standard best practices like Test-Driven Development (TDD) and does not exhibit patterns of data exfiltration, credential harvesting, or remote code execution from untrusted sources.
- [SAFE]: The ingestion of local project files creates a surface for indirect prompt injection; however, as the skill is intended for use in a developer's own codebase with their own task files, the risk is negligible.
- Ingestion points: tasks.md, plan.md, data-model.md, contracts/, research.md, .specify/memory/constitution.md, spec.md, and FEATURE_DIR/checklists/.
- Boundary markers: Absent.
- Capability inventory: File system write access (code/tests), file system read access (documentation), and command execution (test/lint tools).
- Sanitization: Absent.
Audit Metadata