Skills
skills/kw12121212/auto-spec-driven/spec-driven-review/Gen Agent Trust Hub

spec-driven-review

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Node.js script located at scripts/spec-driven.js to manage and audit code changes. These commands are used to list active changes, apply changes, and perform mapping audits.- [PROMPT_INJECTION]: The skill processes data from repository files (proposals, specs, design documents) which are ingested into the agent context.
  • Ingestion points: Reads files such as .spec-driven/changes/<name>/proposal.md, delta specs in .spec-driven/changes/<name>/specs/, and config.yaml.
  • Boundary markers: The skill does not define explicit delimiters or instructions to ignore embedded commands within the ingested files.
  • Capability inventory: The skill utilizes shell-based execution of Node.js scripts (modify, apply, audit) based on the gathered context.
  • Sanitization: No specific sanitization or validation steps for the content of the ingested project files are described.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 13, 2026, 03:13 PM