openspec-ff-change
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes the local 'openspec' CLI tool using shell commands to create changes and retrieve instructions. User-provided names are interpolated into these commands. The skill mitigates risks by instructing the agent to derive kebab-case identifiers from user input rather than using raw descriptions.
- [PROMPT_INJECTION]: The skill processes user descriptions and CLI-generated JSON (instructions, templates, and rules) to create files, creating a surface for indirect prompt injection. 1. Ingestion points: User descriptions and 'openspec' CLI JSON output. 2. Boundary markers: No explicit delimiters are specified for CLI context. 3. Capability inventory: Shell execution of the 'openspec' CLI and file writing. 4. Sanitization: Instructs the agent to format input as kebab-case.
Audit Metadata