openspec-ff-change
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the 'openspec' CLI tool to perform actions such as creating new changes, checking project status, and retrieving artifact instructions. These operations are core to the skill's functionality and involve parameter injection from user-provided change names.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes JSON data returned by the 'openspec' CLI to guide its output and logic.
  - Ingestion points: Reads project background, rules, templates, and guidance from the JSON output of 'openspec status --json' and 'openspec instructions --json' in steps 3 and 4.
  - Boundary markers: No explicit boundary markers or 'ignore' instructions are used when interpolating 'context', 'rules', or 'instruction' fields into the agent's reasoning.
  - Capability inventory: The skill has the ability to execute further shell commands via the CLI and write arbitrary files to the local file system.
  - Sanitization: There is no evidence of sanitization or validation of the content provided by the CLI tool before it is used to constrain or generate the output.
Audit Metadata