specify-incremental

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes content from external specification files (requirements.md and solution.md) which serve as untrusted data sources. This content is used to generate plans and coordinate sub-agents, creating a surface for indirect prompt injection.
  • Ingestion points: The workflow reads requirements.md and solution.md from the target specification directory.
  • Boundary markers: Absent. There are no instructions to use delimiters or ignore embedded instructions within the ingested files.
  • Capability inventory: The skill performs file writing operations (plan/README.md, plan/phase-N.md) and orchestrates parallel specialist agents.
  • Sanitization: Absent. No content validation or escaping is performed on the ingested data.
  • [COMMAND_EXECUTION]: The skill uses the $ARGUMENTS variable to define the target specification and associated file paths. This pattern is vulnerable to path traversal if the input is not sanitized, potentially allowing the skill to read from or write to unintended system directories.
  • Evidence: User-supplied arguments are used to construct paths like .start/specs/[NNN]-[name]/plan/README.md.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 10:41 AM
Security Audit — agent-trust-hub — specify-incremental