spec-interview
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and analyze untrusted technical documentation which can be used to influence the agent's subsequent task generation. Evidence Chain: 1. Ingestion points: 'plan.md' and user-specified documents. 2. Boundary markers: Absent; there are no clear delimiters defined to separate user-provided content from the agent's operational instructions. 3. Capability inventory: The skill can create files in the 'openspec/' directory and execute slash commands like '/openspec:apply' that modify the project codebase. 4. Sanitization: No explicit sanitization or pre-processing filters are mentioned for the ingested document content.
- Security Best Practices (SAFE): The skill includes a 'High Risk Operation Detection' mechanism that proactively identifies dangerous operations (e.g., git force push, file deletion) and requires user confirmation, serving as a critical safety barrier.
Audit Metadata