superspec-init
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill runs multiple shell commands using the `openspec` CLI, including initialization and schema validation. While intended for setup, this grants the agent the capability to interact with the host system's shell environment.
- [PROMPT_INJECTION] (MEDIUM): The skill is vulnerable to indirect prompt injection (Category 8) in Step 4. It is instructed to summarize the JSON output from `openspec schema validate`. If a user is working on a project with a malicious `schema.yaml`, the validator's output could contain instructions that the agent might obey.
  (1) Ingestion points: Step 4 `openspec` command output.
  (2) Boundary markers: None present.
  (3) Capability inventory: Shell command execution (`openspec`, `mkdir`) and local file writing.
  (4) Sanitization: None provided for the CLI output processing.
Audit Metadata