openspec-new-change
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several commands using the 'openspec' CLI, including creating new changes and retrieving artifact instructions. These operations are limited to the specified CLI and its workspace.
- [PROMPT_INJECTION]: The skill processes user-supplied strings for change names and descriptions which are then used in CLI commands.
  - Ingestion points: User-provided name and description in SKILL.md.
  - Boundary markers: None used in command templates.
  - Capability inventory: Execution of 'openspec' CLI commands (new, status, instructions) in SKILL.md.
  - Sanitization: Includes a guardrail requiring names to be in 'kebab-case', which serves as a validation filter against command injection characters.
Audit Metadata