openspec-propose
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local commands using the 'openspec' CLI to manage project structures and query status. This is the primary intended functionality of the tool.
- [PROMPT_INJECTION]: The skill processes data from the 'openspec instructions' command as logic and rules. Ingestion point: 'openspec instructions' CLI output (SKILL.md). Boundary markers: Absent. Capability inventory: 'openspec' CLI execution and file writing. Sanitization: Absent. This represents an indirect prompt injection surface where the agent's logic is influenced by external tool data, which is common in framework-specific scaffolding tools.
Audit Metadata