spec-driven-eval

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes local shell commands to identify code changes and run quality checks during the evaluation process.
  • Evidence: Instructions call for the use of git diff and git status to establish the analysis scope, and require running project-defined build and test commands as 'Engineering Gates'.
  • [REMOTE_CODE_EXECUTION]: The framework requires the agent to generate and execute short code snippets to perform arithmetic calculations, ensuring score reproducibility.
  • Evidence: The methodology mandates using node -e or python3 -c to compute roll-up values from binary checklist results, ensuring accurate data aggregation.
  • [PROMPT_INJECTION]: The skill processes untrusted external artifacts, including product requirements and implementation code, which presents a surface for indirect prompt injection.
  • Evidence: The evaluation process involves scanning PRD text and source code files for specific evidence. The skill includes methodology controls, such as evidence-based scoring and read-only access, to mitigate the risk of adversarial instructions in processed data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 06:56 PM
Security Audit — agent-trust-hub — spec-driven-eval