cmd-speckit-specify

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data and provides it to the agent context without sufficient safeguards.
      • Ingestion points: Untrusted data enters the agent context via the {{INPUT}} placeholder in SKILL.md (mapping the user request) and by reading the contents of .specify/memory/constitution.md (Step 3).
      • Boundary markers: Absent. The skill does not provide delimiters or instructions for the agent to ignore or isolate potentially malicious instructions embedded in the user input or the project configuration file.
      • Capability inventory: The skill performs local file read operations (reading .specify/memory/constitution.md) and local file write operations (writing to spec.md or paths within .specify/specs/). It does not exhibit network access or arbitrary command execution capabilities.
      • Sanitization: Absent. There is no evidence of content validation, escaping, or filtering applied to the input data before it is processed or written to files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 27, 2026, 07:41 AM