opsx-apply-subagents

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the local openspec command-line tool using the openspec instructions apply command to fetch task metadata and context in JSON format. This is a core part of the orchestration workflow.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and acting upon task data and context files generated by an external tool.
      • Ingestion points: Data is ingested from the output of openspec instructions apply --change "<name>" --json (SKILL.md).
      • Boundary markers: There are no explicit instructions or delimiters used to separate the ingested data from the agent's core instructions.
      • Capability inventory: The skill has the capability to spawn multiple concurrent subagents, manage dependency chains, and update task states sequentially (SKILL.md, agents/openai.yaml).
      • Sanitization: No validation or sanitization steps are documented for the data retrieved from the CLI tool before it is used to determine subagent tasks.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 01:04 PM