openspec-brainstorming
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes local CLI commands including
lsandopenspec. These operations are used to verify environment state and manage design changes within the defined project scope. - [Indirect Prompt Injection] (LOW): The skill is designed to read untrusted data from the local environment, creating a surface for indirect prompt injection.
- Ingestion points: Processes local project files, documentation, and recent git commit history as part of its 'Understanding the idea' phase.
- Boundary markers: No explicit delimiters are used to separate ingested file content from the agent's instructions.
- Capability inventory: The skill can execute shell commands (
openspec) and perform git commits. - Sanitization: The skill does not implement sanitization or filtering for the content read from files before processing.
Audit Metadata