openspec-change-implementation

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill is explicitly granted the Bash tool and instructed to execute commands for implementation and testing purposes (e.g., 'npm test'). While this is the primary purpose of the skill, it represents a powerful capability that can be misused if the agent is manipulated by malicious input.
  • [PROMPT_INJECTION] (LOW): The skill exhibits a high-risk surface for Indirect Prompt Injection because its workflow relies on reading and executing tasks from external files like proposal.md and tasks.md without sanitization.
    • Ingestion points: Files located in openspec/changes/ including proposal.md, tasks.md, and design.md as specified in REFERENCE.md.
    • Boundary markers: None. The agent is instructed to follow the tasks.md content as a sequential execution guide.
    • Capability inventory: Full access to Bash, Write, Read, and Grep tools as defined in SKILL.md.
    • Sanitization: None. The agent is encouraged to 'execute tasks WITHOUT pausing' based on the content of the ingested files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:33 PM