openspec-explore
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the openspec CLI command 'openspec list --json' to synchronize with the current state of project proposals and change requests.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting content from codebase files and change artifacts without sanitization.
  * Ingestion points: Reads arbitrary files from the local codebase and structured documents from the openspec/changes/ directory.
  * Boundary markers: Absent; the skill does not use delimiters or explicit instructions to distinguish between system directives and file content.
  * Capability inventory: Local file system read access, execution of the openspec CLI, and write access to project documentation artifacts like design.md and spec.md.
  * Sanitization: Absent; the agent processes external file content as natural language without validation or escaping.
Audit Metadata