
Spec Kit — agentic threat model

AIVSS 7.9 · High

Spec Kit introduces moderate-to-high risk as a developer-facing orchestration toolkit that coordinates powerful coding agents; while its structured Markdown-based workflow enhances transparency, a compromise in the template generation or underlying agent integration could lead to malicious code injection and supply chain vulnerabilities.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 7.8
AARS uplift: 1.01
Factor sum: 4.6/10
Threat multiplier (ThM): ×1.0
Mitigation factor: ×0.9

Agentic risk factors:
Autonomy of Action: 0.40
Goal-Driven Planning: 0.80
Self-Modification: 0.10
Dynamic Tool Use: 0.60
Persistent Memory: 0.30
Contextual Awareness: 0.70
Dynamic Identity: 0.20
Multi-Agent Interactions: 0.70
Non-Determinism: 0.50
Opacity & Reflexivity: 0.30

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (⚠ not certain from listing)

Not certain from the listing — Spec Kit is an open-source toolkit and CLI that orchestrates external AI coding agents (like Claude Code) rather than hosting its own foundation models. Model-level threats like adversarial reprogramming or data poisoning depend entirely on the 30+ third-party models it supports.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — The tool generates local Markdown artifacts (Spec, Plan, Tasks, Implement) and performs cross-artifact analysis, but details regarding vector databases, long-term data storage, or data exfiltration protections are not specified.

L3 · Agent Frameworks (✓ mapped)

Spec Kit provides a structured orchestration framework using slash commands (/specify, /plan, /tasks, /implement) and templates. The primary framework threat is prompt injection or template poisoning, where malicious inputs could manipulate the generated tasks or implementation instructions to execute unauthorized commands via the underlying coding agent.
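One control that addresses the template-poisoning threat named above is to pin the templates the workflow feeds to the coding agent and refuse to proceed when any of them has changed. The following is an added example, not Spec Kit's own code: it records a SHA-256 manifest for a directory of Markdown templates and reports missing, modified or unexpected files before an agent consumes them. The template names, the manifest file name and the directory layout are assumptions constructed for the demo.

```python
"""Template integrity check for a spec-driven workflow.

Added example, not Spec Kit's own code. Pins each Markdown template's
SHA-256 in a manifest (intended to be committed next to the templates)
and verifies the directory against it before the agent is invoked.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large templates are not read at once."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(template_dir: Path) -> dict:
    """Record the digest of every *.md template; run once and commit the result."""
    return {p.name: sha256_file(p) for p in sorted(template_dir.glob("*.md"))}


def verify_templates(template_dir: Path, manifest: dict) -> list:
    """Return sorted findings; an empty list means every template is as pinned."""
    findings = []
    present = {p.name: sha256_file(p) for p in template_dir.glob("*.md")}
    for name, expected in manifest.items():
        if name not in present:
            findings.append(f"missing: {name}")
        elif present[name] != expected:
            findings.append(f"modified: {name}")
    for name in present:
        if name not in manifest:
            findings.append(f"unexpected: {name}")
    return sorted(findings)


def demo(root: Path = None) -> tuple:
    """Constructed scenario: pin three templates, verify, then tamper and re-verify.

    Returns (findings_before_tampering, findings_after_tampering)."""
    if root is None:
        root = Path(tempfile.mkdtemp(prefix="sdd-templates-"))
    template_dir = root / "templates"
    template_dir.mkdir(parents=True, exist_ok=True)
    # Constructed template names; Spec Kit's real file names are not taken from the page.
    for name in ("spec-template.md", "plan-template.md", "tasks-template.md"):
        (template_dir / name).write_text(f"# {name}\n\nConstructed template body.\n")

    manifest_path = root / "templates.lock.json"
    manifest_path.write_text(json.dumps(build_manifest(template_dir), indent=2))
    pinned = json.loads(manifest_path.read_text())
    clean = verify_templates(template_dir, pinned)

    # Simulate tampering: an appended line in one template and a stray new file.
    with (template_dir / "tasks-template.md").open("a") as handle:
        handle.write("\n<!-- constructed: appended instruction -->\n")
    (template_dir / "extra-template.md").write_text("# constructed unexpected template\n")
    tampered = verify_templates(template_dir, pinned)
    return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("before:", before or "all templates match manifest")
    print("after: ", after)
```

In a CI/CD pipeline the verify step would run before the slash-command workflow and fail the job on any finding; the manifest should be reviewed like code, since an attacker who can change templates can usually change an unsigned manifest stored beside them.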

L4 · Deployment & Infrastructure (⚠ not certain from listing)

Not certain from the listing — As a CLI tool (Specify CLI), it runs locally or within developer CI/CD environments. The security of the hosting infrastructure, sandboxing of code execution, and secret management depend on the user's local environment and the specific coding agent's runtime configuration.

L5 · Evaluation & Observability (✓ mapped)

Spec Kit includes quality checklists and cross-artifact analysis to evaluate the consistency of generated specifications and plans. However, it lacks built-in runtime security monitoring, anomaly detection, or guardrails to prevent the generation of insecure code during the implementation phase.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — As an open-source CLI toolkit, Spec Kit makes no mention of built-in identity management, access control policies, or compliance auditing; it relies instead on the permissions of the host system and the underlying agent's API keys.

L7 · Agent Ecosystem (✓ mapped)

Spec Kit explicitly supports and coordinates with 30+ AI coding agents. This multi-agent ecosystem introduces risks of cascading failures or trust abuse, where a vulnerability or compromise in one supported agent could propagate through the SDD workflow and compromise the entire codebase.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).