issues-to-openspec
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes user-provided markdown files without explicit safety boundaries.
- Ingestion points: The agent is instructed to read contents from user-specified paths such as
docs/prds/anddocs/issues/. - Boundary markers: There are no instructions to use delimiters or warnings for the agent to disregard instructions embedded within the source files.
- Capability inventory: The skill allows for filesystem writes (creating the
openspec/directory and various markdown files) and network operations (performing web searches based on file content). - Sanitization: The skill does not specify any sanitization, escaping, or validation logic for the external content before it is processed or used to generate new artifacts.
Audit Metadata