openspec-onboard
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various local commands including openspec status, openspec new, openspec instructions, and git log. These are legitimate operations used to teach and demonstrate the OpenSpec workflow within the user's environment.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection.
  - Ingestion points: In Phase 2, the skill scans the codebase for TODO, FIXME, HACK, and XXX comments.
  - Boundary markers: There are no explicit delimiters or safety instructions used to prevent the agent from following instructions embedded in these comments.
  - Capability inventory: The agent has permissions to execute CLI commands and write files to the project directory.
  - Sanitization: The skill does not describe any validation or cleaning of the text found in code comments before it is used.
Audit Metadata