Skills
skills/peterfile/devpilot-agents/kiro-specs/Gen Agent Trust Hub

kiro-specs

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a bash script within its detection logic to verify the presence of workspace directories and specification files.
  • Evidence: Found in SKILL.md, the script uses standard commands like ls and file test operators (-d, -f) to check the .kiro/specs/ path.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user ideas and external research data which are then used to guide subsequent implementation tasks.
  • Ingestion points: User-provided feature descriptions in phase-1-requirements.md and content retrieved via web searches or MCP tools during the research phase described in phase-2-design.md.
  • Boundary markers: The instructions lack explicit delimiters or markers to isolate ingested data from agent instructions.
  • Capability inventory: The skill has the capability to read/write files within the workspace (.kiro/specs/) and implement code changes during the execution phase (phase-4-execute.md).
  • Sanitization: There is no evidence of sanitization, filtering, or validation of the data processed during the requirements and design phases.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 20, 2026, 03:56 PM