Security Audit
dceoy/speckit-agent-skills:skills/speckit-implement
github.com/dceoy/speckit-agent-skills
Trust Assessment
dceoy/speckit-agent-skills:skills/speckit-implement received a trust score of 79/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium and 0 low severity. Key findings: Potential Command Injection via Unsafe Shell Argument Construction (high); Unverified Execution of Stored Instructions (Indirect Prompt Injection) (medium); Execution of Untrusted Repository Scripts (medium).
The analysis covered 4 layers: dependency_graph, llm_behavioral_safety, manifest_analysis, static_code_analysis. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 8, 2026 (commit c21d8d2d). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Potential Command Injection via Unsafe Shell Argument Construction | The skill instructs the agent to run a shell script (`check-prerequisites.sh`) with arguments derived from file paths (`FEATURE_DIR`, `AVAILABLE_DOCS`) and explicitly tells the agent how to escape single quotes in those arguments by hand. That implies the agent assembles a raw command string that a shell re-parses, rather than passing an argument array to a safe execution primitive. If the variables contain shell metacharacters (semicolons, backticks, `$(...)`) and the agent's escaping is imperfect, the result is arbitrary command execution. | Instruct the agent to use execution primitives that accept an argument list (e.g. `subprocess.run` with a list and `shell=False`) so no shell interprets the values; where a command string is unavoidable, strictly validate each input and quote it with `shlex.quote` (or the POSIX `'\''` rule) before the string is assembled. | Unknown | SKILL.md:18 |
| MEDIUM | Unverified Execution of Stored Instructions (Indirect Prompt Injection) | The workflow proceeds to execute the tasks defined in `tasks.md` whenever the checklists are complete or absent, without asking the user. If `tasks.md` carries malicious instructions (from a compromised upstream source or an earlier prompt injection), the agent executes them blindly: there is no human-in-the-loop check on the actual content of the tasks. | Display a summary of the tasks to be executed and require explicit confirmation (`y/n`) before entering the implementation phase, regardless of checklist status. | Unknown | SKILL.md:45 |
| MEDIUM | Execution of Untrusted Repository Scripts | The skill runs `.specify/scripts/bash/check-prerequisites.sh` straight from the repository. If the repository is untrusted or has been compromised, the script can contain arbitrary code that the agent executes with its own privileges. | Verify the script's integrity before running it (for example against a pinned checksum), or prefer trusted system-installed tools over scripts found in the target repository. | Unknown | SKILL.md:18 |
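All three findings concern the same implement step (run a repository script with path arguments, then execute `tasks.md`), so the following is one hardened version of that step as an added example. It is not code from the skill, the dceoy/speckit-agent-skills repository or SkillShield. Assumptions: `check-prerequisites.sh` is replaced by a constructed stand-in that only echoes its arguments; the pinned SHA-256 is assumed to have been recorded when the skill was installed; `FEATURE_DIR` carries a constructed hostile value; and every function name here is hypothetical. `run_unsafe` reproduces the string-building pattern the HIGH finding describes (one field left unquoted), `run_checked` pins the script digest and passes an argv list with no shell, and `gate_implementation` is the human-in-the-loop check the second finding asks for.

```python
"""Hardened prerequisite step for a speckit-style implement skill (added example)."""
import hashlib
import os
import subprocess
import tempfile
from typing import Callable, List

# Constructed stand-in for .specify/scripts/bash/check-prerequisites.sh: it only
# echoes each argument on its own line, so the output shows exactly what the
# shell (or the absence of one) delivered to it.
STAND_IN_SCRIPT = "#!/bin/sh\nprintf '%s\\n' \"$@\"\n"


def write_stand_in_script(directory: str) -> str:
    path = os.path.join(directory, "check-prerequisites.sh")
    with open(path, "w") as fh:
        fh.write(STAND_IN_SCRIPT)
    return path


def sha256_of(path: str) -> str:
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def quote_for_shell(value: str) -> str:
    """Correct POSIX single-quoting for an agent that can only emit a command
    string: close the quote, emit an escaped quote, reopen ('\\'')."""
    return "'" + value.replace("'", "'\\''") + "'"


def run_unsafe(script: str, feature_dir: str, docs: str) -> List[str]:
    """VULNERABLE (finding 1): path variables are pasted into a command string
    that a shell re-parses. One field is left unquoted, which is the imperfect
    escaping the finding warns about, so metacharacters in it become commands."""
    cmd = f"sh {quote_for_shell(script)} --feature-dir {feature_dir} --docs {quote_for_shell(docs)}"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout.splitlines()


def run_checked(script: str, pinned_sha256: str, feature_dir: str, docs: str) -> List[str]:
    """Finding 3: refuse to run a repository script whose digest differs from the
    pinned one (hypothetical: recorded at install time). Finding 1: invoke it as
    an argument list with no shell, so values arrive verbatim however hostile."""
    actual = sha256_of(script)
    if actual != pinned_sha256:
        raise RuntimeError(f"{script}: sha256 {actual} != pinned {pinned_sha256}")
    argv = ["sh", script, "--feature-dir", feature_dir, "--docs", docs]
    out = subprocess.run(argv, capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


def summarize_tasks(tasks_md: str) -> List[str]:
    """Finding 2: extract the checkbox lines of tasks.md so the user sees what is
    about to be executed before agreeing to it."""
    return [line.strip()[6:].strip() for line in tasks_md.splitlines()
            if line.strip().startswith(("- [ ]", "- [x]"))]


def gate_implementation(tasks_md: str, confirm: Callable[[str], str]) -> bool:
    """Show the summary and require an explicit 'y', regardless of checklist
    status. `confirm` is injected (input() in real use) so the gate is testable;
    an empty answer or anything other than 'y' aborts."""
    tasks = summarize_tasks(tasks_md)
    listing = "\n".join(f"  {i}. {t}" for i, t in enumerate(tasks, 1))
    prompt = f"About to execute {len(tasks)} task(s) from tasks.md:\n{listing}\nProceed? [y/N] "
    return confirm(prompt).strip().lower() == "y"


def demo() -> dict:
    """Run the unsafe and hardened paths against a hostile FEATURE_DIR value,
    then tamper with the script and show that the digest check blocks it."""
    hostile_dir = "specs/001-feature; echo INJECTED"   # constructed payload
    with tempfile.TemporaryDirectory() as tmp:
        script = write_stand_in_script(tmp)
        pinned = sha256_of(script)          # assumed recorded at install time
        results = {
            "unsafe": run_unsafe(script, hostile_dir, "research.md"),
            "checked": run_checked(script, pinned, hostile_dir, "research.md"),
        }
        with open(script, "a") as fh:       # simulate a compromised repository
            fh.write("echo TAMPERED\n")
        try:
            run_checked(script, pinned, hostile_dir, "research.md")
            results["tampered_blocked"] = False
        except RuntimeError:
            results["tampered_blocked"] = True
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

In the unsafe path the stand-in receives only `--feature-dir` and `specs/001-feature`, and the shell then runs `echo INJECTED --docs research.md` as a second command; in the checked path it receives the whole hostile value as one argument, because nothing re-parses the list. The digest check is a property of the file on disk, so it catches a modified script regardless of how the arguments are passed, and the confirmation gate runs before any task is executed, not only when a checklist is incomplete.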
Full report: https://skillshield.io/report/5a90ad2169d68f99
Powered by SkillShield