openspec-continue-change
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill interacts with the local system by executing the 'openspec' command-line utility with subcommands like 'list', 'status', and 'instructions'. This is the primary mechanism for the skill's functionality.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface. 1. Ingestion points: The skill parses JSON output from the 'openspec' CLI, including instructions and templates. 2. Boundary markers: No markers are used to delimit or ignore instructions found within the CLI output. 3. Capability inventory: The skill has the ability to execute CLI commands and write to file paths (outputPath) provided by the external tool. 4. Sanitization: There is no evidence of sanitization or validation of the content or paths retrieved from the CLI before execution.
Audit Metadata