spec-implement
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using the 'bd' (beads) CLI tool and 'git'. Variables such as feature labels, task IDs, and commit messages are retrieved from the plan.json file and interpolated directly into shell commands. This creates a potential command injection surface if the project's plan files are maliciously modified.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes instructions from external files.
- Ingestion points: The skill reads structured tasks and natural language instructions from 'docs/specs/.../plan.json' and 'docs/specs/.../spec.md'.
- Boundary markers: There are no defined delimiters or instructions to treat data from these files as untrusted or to ignore embedded instructions.
- Capability inventory: The skill has extensive shell capabilities including task management via 'bd', git operations, and the execution of project test suites which can run arbitrary code stored in the repository.
- Sanitization: No sanitization or validation of the input from the plan or spec files is mentioned before the data is used to drive agent actions or shell execution.
Audit Metadata