spec-driven-dev
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill utilizes structured rules and "gate" criteria to define operational boundaries for the agent. These instructions are pedagogical and procedural, intended to prevent the agent from skipping steps in the development process. There are no attempts to bypass safety filters or override system-level constraints.
- [DATA_EXFILTRATION]: No unauthorized network operations or data access patterns were detected. The skill explicitly instructs agents to remove secrets from code and logs, and to use parameterized queries, which are standard defensive programming practices.
- [COMMAND_EXECUTION]: The templates provided in the skill contain placeholders for standard development commands (e.g., install, test, and build). These are user-facing placeholders for legitimate project maintenance and do not involve hidden or malicious command execution.
- [SAFE]: The skill is a process-oriented framework that promotes code quality and security. It encourages the use of feature flags, rollback plans, and rigorous testing, which generally improves the security posture of the resulting software.