openspec-sdd
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@fission-ai/openspecpackage from the NPM registry to provide its core functionality. This is a vendor-owned package. - [COMMAND_EXECUTION]: The skill relies on the
openspecCLI to perform actions such as initializing the project (openspec init), listing specifications, and archiving changes. These commands modify local files and directories. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection through its data processing workflow:
- Ingestion points: Reads project context from
openspec/config.yamland analyzes existing codebase files inopenspec/directories. - Boundary markers: Absent; no explicit delimiters or instructions to ignore embedded commands are documented for these inputs.
- Capability inventory: Executes CLI commands and performs file system operations including creation and modification of files.
- Sanitization: Absent; the skill documentation does not specify validation or escaping of the ingested project data.
Audit Metadata