spec-driven-resync-code-mapping
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using
nodeto run a local auditing script (scripts/spec-driven.js) andlsfor directory verification. Arguments for these commands are derived from user-provided paths and repository metadata. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and interpreting potentially untrusted data from project files to automate mapping repairs.
- Ingestion points: Specification files (e.g.,
.spec-driven/specs/INDEX.md), implementation files, and test files found throughout the repository (SKILL.md). - Boundary markers: Absent; the instructions do not specify the use of delimiters or provide directives for the agent to ignore instructions embedded within the analyzed content.
- Capability inventory: The skill can execute Node.js scripts (specifically
scripts/spec-driven.js) and perform file system writes to update specification frontmatter (SKILL.md). - Sanitization: Absent; the instructions do not describe any validation or sanitization for the content read from the repository before it is processed by the agent.
Audit Metadata