openspec-continue-change
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using the openspec CLI tool with interpolated variables.
  - Evidence: The instructions in SKILL.md specify running commands like `openspec status --change "<name>"` and `openspec instructions <artifact-id> --change "<name>"`. If these variables are derived from untrusted input, it could lead to command injection.
- [PROMPT_INJECTION]: The skill processes JSON data from CLI outputs and uses specific fields to guide its generation logic, creating an indirect prompt injection surface.
  - Ingestion points: JSON output from `openspec list`, `openspec status`, and `openspec instructions` in SKILL.md.
  - Boundary markers: No delimiters or "ignore instructions" warnings are present when processing the `template`, `rules`, and `instruction` fields.
  - Capability inventory: The skill can execute CLI commands, read dependency files, and write new files to the `outputPath`.
  - Sanitization: The skill instructions do not specify any validation or sanitization of the content returned by the CLI tool before it is used to influence the agent's output.
Audit Metadata