spec-plan
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions define a documentation-focused workflow for creating implementation plans. It does not contain any code execution, network access, or privilege escalation patterns.
- [SAFE]: Data processing is limited to reading a local specification file (
spec.md) and incorporating human feedback. All generated output is subject to an explicit human approval cycle before finalization, which mitigates risks of indirect prompt injection from the source files. - [SAFE]: The skill explicitly delegates implementation and execution to separate components (e.g.,
spec-implement), ensuring a clear separation of concerns and preventing accidental command execution during the planning phase. - [SAFE]: Although the skill mentions loading task-tracking extensions (e.g.,
beads), these are used within the platform's standard capability framework for organizational purposes and do not introduce unverified remote code execution.
Audit Metadata