openspec-continue-change
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands such as 'openspec status --change' using user-supplied names. This pattern poses a risk of command injection if the input contains shell metacharacters and the execution environment lacks sanitization.
- [EXTERNAL_DOWNLOADS]: The skill relies on the 'openspec' CLI, an external dependency required for operation. The source and integrity of this binary are not verified within the skill's code.
- [PROMPT_INJECTION]: There is a surface for indirect prompt injection as the agent follows instructions, applies rules, and uses templates provided by the output of the 'openspec' tool.
  1. Ingestion points: JSON data returned from 'openspec list', 'openspec status', and 'openspec instructions'.
  2. Boundary markers: No delimiters are used to separate tool-provided data from agent instructions.
  3. Capability inventory: Execution of CLI commands and file system read/write operations.
  4. Sanitization: No explicit validation or filtering of the paths or instructions returned by the CLI is performed.