openspec-onboard
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to interact with the local environment, specifically checking for the presence of the OpenSpec CLI tool and reading git history to provide context. It also executes various OpenSpec commands (new, instructions, archive) to manage the onboarding workflow. These commands are necessary for the skill's intended function and do not appear to involve external data or remote script execution.
- [PROMPT_INJECTION]: The skill performs codebase analysis by reading local files for strings like 'TODO' and 'FIXME' to suggest tasks. This creates a surface for indirect prompt injection where malicious instructions placed in comments within the user's code could attempt to influence the agent's behavior. However, this is a common characteristic of development assistant tools and is restricted to the local context.