spec-driven-eval
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local shell commands to identify code changes and run quality checks during the evaluation process.
- Evidence: Instructions call for the use of
git diffandgit statusto establish the analysis scope, and require running project-defined build and test commands as 'Engineering Gates'. - [REMOTE_CODE_EXECUTION]: The framework requires the agent to generate and execute short code snippets to perform arithmetic calculations, ensuring score reproducibility.
- Evidence: The methodology mandates using
node -eorpython3 -cto compute roll-up values from binary checklist results, ensuring accurate data aggregation. - [PROMPT_INJECTION]: The skill processes untrusted external artifacts, including product requirements and implementation code, which presents a surface for indirect prompt injection.
- Evidence: The evaluation process involves scanning PRD text and source code files for specific evidence. The skill includes methodology controls, such as evidence-based scoring and read-only access, to mitigate the risk of adversarial instructions in processed data.
Audit Metadata