openspec-onboard

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local commands using the openspec CLI (e.g., openspec status, openspec new, openspec archive) and git (e.g., git log) to facilitate the onboarding process.
  • [PROMPT_INJECTION]: In Phase 2, the skill scans the local codebase for patterns like TODO or FIXME. This ingestion of untrusted local file content serves as an entry point for indirect prompt injection, where malicious text in the source code could influence the agent's task suggestions or narration.
      • Ingestion points: Reads local code files searching for comments and patterns as defined in SKILL.md.
      • Boundary markers: None explicitly defined for the codebase scanning logic.
      • Capability inventory: Executes CLI commands (openspec, git), creates directories (mkdir), and writes to the filesystem (Phase 9 implementation).
      • Sanitization: No specific sanitization or filtering of codebase content is mentioned before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 22, 2026, 01:08 PM