Skills
skills/atilladeniz/kubeli/openspec-new-change/Gen Agent Trust Hub

openspec-new-change

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the openspec command-line interface to manage development workflows, including creating new changes, checking status, and retrieving artifact instructions.
  • Specific commands: openspec new change, openspec status, and openspec instructions.
  • This execution is the primary intended function of the skill and is consistent with the author's metadata.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests user input (descriptions or names) to drive the workflow, which could theoretically be used to influence command arguments.
  • Ingestion points: User-provided change descriptions and names in Step 1.
  • Boundary markers: No explicit delimiters are used for the interpolated strings.
  • Capability inventory: Subprocess execution of the openspec CLI tool.
  • Sanitization: The skill includes a specific guardrail requiring the agent to validate that the name is in 'kebab-case' before proceeding, which serves as a mitigation against command injection through the name argument.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 11:27 PM