openspec-explore

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE (findings: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to read and analyze files within the user's codebase, including existing specifications and proposals. Maliciously crafted content within these processed files could attempt to subvert the agent's instructions or influence its decision-making during the exploration phase.
  • Ingestion points: Reads local codebase files, search results, and OpenSpec artifacts (e.g., proposal.md, design.md, spec.md) stored in the openspec/changes/ directory.
  • Boundary markers: Absent. The instructions do not define specific delimiters or provide guidance to the agent to ignore embedded instructions within the ingested content.
  • Capability inventory: Includes the ability to read arbitrary files, perform code searches, and execute the openspec CLI for artifact management.
  • Sanitization: Absent. No validation or filtering of the file content is performed before it is added to the agent's context.
  • [COMMAND_EXECUTION]: The skill executes the openspec list --json command to retrieve the current project state and list active changes. This command execution is consistent with the skill's stated purpose and utilizes the required vendor-specific tooling.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 09:22 PM