speckit-wizard
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [SAFE]: Analysis of the skill instructions and code structures reveals no malicious patterns, prompt injections, or unauthorized data exfiltration attempts.
- [COMMAND_EXECUTION]: The skill defines a workflow that executes user-configured build and test commands (e.g., npm run build, npm test) during the implementation phase. These are handled via the Ralph iteration loop and Archon task manager.
- [PROMPT_INJECTION]: The skill processes untrusted user data (feature descriptions) to generate code and tasks.
  - Ingestion points: Feature descriptions provided during the Phase 1 Wizard.
  - Boundary markers: Uses structured markdown and YAML frontmatter for data extraction.
  - Capability inventory: File system writing (specs, checklists), task management (Archon), and command execution (validation loops).
  - Sanitization: No explicit sanitization of user descriptions is defined before they are incorporated into generated specifications.