openspec-archive
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses Bash for mkdir, mv, and git commands. These are used for project organization and are not inherently malicious in this context.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection. 1. Ingestion points: reads tasks.md and spec files from the change directory. 2. Boundary markers: None identified in the workflow steps. 3. Capability inventory: Write, Edit, and Bash access. 4. Sanitization: No validation or escaping of the ingested file content before use in prompts or merge operations.
Audit Metadata