implement
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process external specification files from the `specs/` directory to generate code and tasks. This creates a surface for indirect prompt injection, where an attacker could embed malicious instructions within a specification file that the agent might inadvertently execute during the implementation phase.
  - Ingestion points: Processes Markdown specification files and implementation plans from `specs/` and `.specify/memory/plans/`.
  - Boundary markers: No specific delimiters or safety warnings are implemented to differentiate between descriptive specifications and potential instructions to the agent.
  - Capability inventory: The skill allows for file system modifications, Git operations (including `push`), and the execution of the `/speckit.implement` tool.
  - Sanitization: No explicit validation or filtering of specification content is defined before it is used to drive the implementation workflow.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute various shell-based commands and platform-specific tools to manage the development lifecycle.
  - Evidence: The skill utilizes Git for branch management (`git checkout -b`, `git commit`, `git push`) and invokes specialized implementation and validation tools (`/speckit.implement`, `/speckit.tasks`, `/stackshift.validate`, `/stackshift.review`).
Audit Metadata