spec-driven-implementation

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill facilitates a legitimate software development workflow. It operates on local project documentation and source code files to track TDD progress, which is consistent with its stated purpose.
  • [PROMPT_INJECTION]: The skill reads project-specific documentation (requirements.md and design.md) to generate implementation tasks, creating an attack surface for indirect prompt injection if these files originate from an untrusted source. Ingestion points: requirements.md, design.md. Boundary markers: Absent. Capability inventory: File modification via the Edit tool and interaction with git-workflow. Sanitization: None identified for processed file content.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 05:46 PM
Security Audit — agent-trust-hub — spec-driven-implementation