GitHub's spec-kit 0.7.5: Agent Skills, Security Fix
spec-kit 0.7.5 fixes agent skill resolution across all models, patches a directory traversal vulnerability, and adds CLI self-check commands. New community extensions for wireframe and red-team workflows now available.
TL;DR
- Fixed skill placeholder resolution for all agents, not just codex/kimi
- New CLI self-check and self-upgrade commands
- Directory traversal vulnerability patched in agent command write paths
- New wireframe and red-team community extensions added
New
- CLI self-check and self-upgrade — stub commands for checking and upgrading specify-cli directly from the tool
- Community extensions — wireframe (v0.1.1) and red-team extensions now in the catalog, plus superpowers-bridge
- preset wrap strategy — new preset wrapping implementation for better configuration handling
Fixed
- Agent skill placeholders — resolved placeholder resolution for all agents, previously only worked for codex/kimi
- Directory traversal vulnerability — blocked directory traversal attacks in agent command write paths
Updated
- version-guard bumped to v1.1.0
Update with: uv tool install specify-cli --from git+https://github.com/github/spec-kit.git@v0.7.5
Source: Spec Kit
