openspec-verify-change
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the openspec CLI to retrieve project metadata and instructions. Specific commands include 'openspec list', 'openspec status', and 'openspec instructions apply' as seen in Steps 1, 2, and 3.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of external content from project files.
  - Ingestion points: The skill reads tasks.md, design.md, and specification files identified through the openspec CLI (Step 3).
  - Boundary markers: There are no explicit instructions or delimiters provided to prevent the agent from following instructions embedded within these external files.
  - Capability inventory: The agent can execute system commands via the openspec CLI and perform broad codebase searches (Steps 5 and 6).
  - Sanitization: No sanitization or filtering logic is present for the ingested file contents before they are analyzed and used to build the verification report.
Audit Metadata