openspec-explore

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from external project artifacts without using boundary markers or sanitization logic.
  • Ingestion points: Reads content from proposal.md, design.md, and tasks.md within the openspec/changes/ directory.
  • Boundary markers: No delimiters or instructions are provided to the agent to distinguish between its own logic and potentially malicious instructions embedded in those files.
  • Capability inventory: The skill has the capability to write to the filesystem (creating/updating artifacts) and execute the openspec CLI tool.
  • Sanitization: No sanitization or validation of the ingested file content is performed.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a specific local CLI tool to gather context about the project state.
  • Evidence: Execution of openspec list --json to identify active changes.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 12:22 AM