Skills
skills/richfrem/agent-plugins-skills/spec-kitty-implement/Gen Agent Trust Hub

spec-kitty-implement

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the spec-kitty CLI tool and git to handle workspace creation and task management. These operations are consistent with the documented software development workflow.\n- [PROMPT_INJECTION]: The workflow involves an indirect prompt injection surface where the agent processes large-scale instructions (~1000 lines) emitted by the spec-kitty tool output.\n
  • Ingestion points: Standard output of the spec-kitty agent workflow implement command.\n
  • Boundary markers: Not specified; the agent is instructed to read the entire output to find completion commands.\n
  • Capability inventory: The agent is authorized to modify files within worktrees and execute version control commands.\n
  • Sanitization: The instructions do not describe any sanitization or verification of the external tool output before the agent acts upon it.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 06:08 PM