spec-driven-implementation
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill facilitates a legitimate software development workflow. It operates on local project documentation and source code files to track TDD progress, which is consistent with its stated purpose.
- [PROMPT_INJECTION]: The skill reads project-specific documentation (requirements.md and design.md) to generate implementation tasks, creating an attack surface for indirect prompt injection if these files originate from an untrusted source. Ingestion points: requirements.md, design.md. Boundary markers: Absent. Capability inventory: File modification via the Edit tool and interaction with git-workflow. Sanitization: None identified for processed file content.
Audit Metadata