openspec-explore

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the openspec list --json command to gather information about project changes. This is a restricted, non-arbitrary command intended for context gathering.
  • [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection as it is instructed to read and process content from the local codebase and OpenSpec project files (e.g., proposal.md, design.md, tasks.md).
  • Ingestion points: Reads files from the local codebase and the openspec/changes/ directory.
  • Boundary markers: Absent. There are no instructions to use delimiters or specific safety prompts to prevent the agent from obeying instructions embedded within the read files.
  • Capability inventory: File reading and execution of the openspec CLI tool.
  • Sanitization: Absent. The skill does not implement any validation or sanitization for the content retrieved from external files.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 12:09 AM