openspec-apply-change

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill interacts with the openspec CLI by executing commands such as openspec list, openspec status, and openspec instructions. It interpolates the change name into the command line (e.g., openspec status --change "<name>" --json), so the agent must ensure that change names do not contain shell metacharacters before they are passed to the shell.
  • [DATA_EXFILTRATION]: The skill reads project documentation, specifications, and source code files listed in the contextFiles output of the CLI. This is a core part of the functionality but involves reading local file system data.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its implementation logic is driven by the content of external task files and context files.
      ◦ Ingestion points: CLI output from openspec instructions and local project files specified in contextFiles (SKILL.md).
      ◦ Boundary markers: There are no explicit delimiters or instructions to ignore embedded prompts within the files being read.
      ◦ Capability inventory: Shell command execution via the openspec CLI and the ability to read and write to the local file system to implement code changes (SKILL.md).
      ◦ Sanitization: The skill does not implement sanitization or validation of the content retrieved from project files before using it to guide agent behavior.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 10:33 PM