spec-driven-planning

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) by processing untrusted data from external sources.
  • Ingestion points: Technical documentation and best practices are retrieved via WebFetch and WebSearch in the requirements and design phases.
  • Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from following malicious instructions potentially embedded in the fetched external content.
  • Capability inventory: The skill utilizes Bash commands (ls, mkdir, curl) and file-write capabilities across multiple files (requirements.md, design.md, tasks.md).
  • Sanitization: Content retrieved from external sources is interpolated into local documentation files without evident sanitization or validation.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform routine administrative and research tasks.
  • File system operations: Uses ls and mkdir to manage feature directories in docx/features/.
  • Network exploration: Uses curl to explore and test API endpoints as part of technical research.
  • [EXTERNAL_DOWNLOADS]: The skill fetches external data to inform its planning process.
  • Uses WebSearch and WebFetch to gather information on industry standards, competitor documentation, and architectural patterns.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 05:46 PM
Security Audit — agent-trust-hub — spec-driven-planning