spec-driven-apply
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local utility script spec-driven.js via Node.js to modify and apply change sets.
- [COMMAND_EXECUTION]: The agent is instructed to run arbitrary project commands such as linting and unit tests to verify implementation tasks.
- [PROMPT_INJECTION]: The skill contains highly emphatic instructions directing the agent to ignore all prior conversational context. This is implemented as a reliability measure to ensure the agent uses the repository files as the sole source of truth for the change specification.
- [PROMPT_INJECTION]: Indirect prompt injection surface exists as the skill reads and acts upon tasks and instructions defined in repository files.
  - Ingestion points: Files within the .spec-driven/ directory (e.g., tasks.md, proposal.md).
  - Boundary markers: Absent; the agent is instructed to treat file content as authoritative instructions.
  - Capability inventory: File system modification, local script execution, and project test execution.
  - Sanitization: Absent.
Audit Metadata