openspec-onboard

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local CLI commands to interact with the repository and the openspec tool.
      • Evidence: Executes openspec status, openspec new change, openspec instructions proposal, openspec archive, and git log.
      • Context: These operations are necessary for initializing the onboarding environment and managing the lifecycle of project changes.
  • [PROMPT_INJECTION]: The skill processes untrusted data from the user's codebase and commit history, creating a surface for indirect prompt injection.
      • Ingestion points: Phase 2 (Codebase Analysis) scans files for comments such as TODO or FIXME and reads the output of git log.
      • Boundary markers: The skill does not use explicit delimiters around the ingested code snippets in its internal instructions.
      • Capability inventory: The skill can write files and directories (Phases 4, 6, 7, 8) and execute local CLI tools (Phase 10).
      • Sanitization: The risk is mitigated by a mandatory human-in-the-loop (HITL) process in which the agent drafts suggestions, proposals, and task lists for user review and explicit approval before proceeding with any implementation or filesystem changes.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 08:44 PM