openspec-apply-change

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on executing the openspec CLI tool (e.g., openspec status, openspec instructions apply) to retrieve workflow data and instructions.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing external data as instructions.
  • Ingestion points: The agent ingests JSON-formatted data from the openspec CLI and reads the contents of files identified in the contextFiles output.
  • Boundary markers: The instructions do not define boundary markers or safety directives to prevent the agent from executing malicious instructions hidden within the ingested CLI data or context files.
  • Capability inventory: The agent has the capability to execute the openspec CLI, read local files, and perform code modifications.
  • Sanitization: No sanitization, validation, or filtering of the dynamic instructions or file content is performed before they are acted upon by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 08:44 PM