spec-driven-propose
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes a bundled Node.js script 'spec-driven.js' via 'node' to scaffold change artifacts and performs directory checks using 'ls'.
- [PROMPT_INJECTION]: Instructions explicitly direct the agent to skip user confirmation and follow-up questions during the proposal generation stage ("Do not ask follow-up questions or require confirmation during the proposal stage"). This pattern increases autonomy and reduces human-in-the-loop validation.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted project files and specifications. Ingestion points: reads '.spec-driven/config.yaml' and markdown files within '.spec-driven/specs/'. Boundary markers: absent from processing logic. Capability inventory: filesystem write access to '.spec-driven/changes/' and execution of Node.js scripts. Sanitization: not identified; content from input files is incorporated directly into new proposal artifacts.
Audit Metadata