openspec-apply-change
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill runs the
openspecCLI to manage workflows and retrieve task data. - [EXTERNAL_DOWNLOADS]: Requires the
openspecCLI as an external dependency for its primary operations. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it implements tasks based on content from external files.
- Ingestion points: Project files like proposals and tasks read during the context-gathering phase.
- Boundary markers: No delimiters are present to prevent the agent from following instructions embedded in the data.
- Capability inventory: The agent can run shell commands and edit local source files.
- Sanitization: The skill processes content from files without sanitizing for potential malicious instructions.
Audit Metadata