spec-driven-planning
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) by processing untrusted data from external sources.
- Ingestion points: Technical documentation and best practices are retrieved via WebFetch and WebSearch in the requirements and design phases.
- Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from following malicious instructions potentially embedded in the fetched external content.
- Capability inventory: The skill utilizes Bash commands (ls, mkdir, curl) and file-write capabilities across multiple files (requirements.md, design.md, tasks.md).
- Sanitization: Content retrieved from external sources is interpolated into local documentation files without evident sanitization or validation.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to perform routine administrative and research tasks.
- File system operations: Uses ls and mkdir to manage feature directories in docx/features/.
- Network exploration: Uses curl to explore and test API endpoints as part of technical research.
- [EXTERNAL_DOWNLOADS]: The skill fetches external data to inform its planning process.
- Uses WebSearch and WebFetch to gather information on industry standards, competitor documentation, and architectural patterns.
Audit Metadata