openspec-propose
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands via the openspec CLI (e.g., openspec new, openspec status, openspec instructions). These commands use arguments derived from user input and tool outputs.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and acting upon instructions and rules provided at runtime from external sources.
- Ingestion points: Data is ingested from the openspec instructions JSON output (specifically the context, rules, and instruction fields) and from reading local dependency files.
- Boundary markers: No boundary markers or specific instructions to isolate/ignore embedded commands within the ingested data are present.
- Capability inventory: The skill can execute shell commands through the openspec CLI and write files to the local file system.
- Sanitization: No sanitization or validation of the ingested external content is performed before it is used to guide the agent's behavior.
Audit Metadata