openspec-proposal
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and processes untrusted project data to generate documentation.
  - Ingestion points: Files such as openspec/project.md, openspec/changes/, openspec/specs/, and arbitrary project code found via Grep or Glob operations.
  - Boundary markers: None; the instructions do not specify any delimiters or safety prompts to isolate ingested file content from the agent's task instructions.
  - Capability inventory: Includes the ability to execute Bash commands, and Write or Edit files, which could be misused if the agent obeys instructions embedded in the project files.
  - Sanitization: No content validation or sanitization steps are defined for the data read from the local file system.