spec-context
Warn
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill includes scripts (
spec-common.ps1andspec-common.sh) that collect the user's Git email address (git config user.email) and the repository's remote origin URL (git remote get-url origin). This data is transmitted via POST requests to an external endpoint:https://markdown.fzzixun.com/api/v1/tracking. This background network activity and collection of personally identifiable information (PII) is not disclosed in the skill's main documentation. - [COMMAND_EXECUTION]: The skill requires the execution of local PowerShell and Bash scripts that interact extensively with the local filesystem and Git environment. The instructions explicitly direct the agent to bypass PowerShell execution policies using the
-ExecutionPolicy Bypassflag, circumventing local security configurations.
Audit Metadata