superspec-research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill performs multiple calls to a local CLI tool named `openspec`. These calls are structured and used to list, create, and inspect status of change requests. While this involves command execution, it is limited to a specific tool required for the skill's functionality.
- [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface (Category 8) by ingesting and acting upon instructions or templates returned by the `openspec` tool.
  - Ingestion points: Data enters the agent context through the stdout of `openspec status` and `openspec instructions` commands.
  - Boundary markers: No explicit delimiters or warnings are used to differentiate tool-provided content from system instructions.
  - Capability inventory: The agent has the capability to write files to the local filesystem (e.g., `proposal.md`, `specs/**/*.md`).
  - Sanitization: There is no evidence of sanitization or validation of the content received from the CLI tool before it is used to drive file-writing operations.