openspec-dev
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill is susceptible to command injection because the user input is interpolated directly into shell commands for git and the GitHub CLI. Evidence: usage in 'git checkout -b feat/-phase-N' (SKILL.md).
- PROMPT_INJECTION (LOW): Vulnerable to Indirect Prompt Injection (Category 8). The skill reads and processes content from 'tasks.md' and 'proposal.md' which is then passed to code-executing subagents. Evidence: Ingestion points: 'tasks.md' and 'proposal.md' (File: SKILL.md); Boundary markers: Absent; Capability inventory: Git/GH command execution and delegation to subagents; Sanitization: Absent.
Audit Metadata