The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill documentation in references/cli-commands.md directs the user to install the @fission-ai/openspec package globally via npm install -g. Global installation of unverified third-party packages can allow the execution of arbitrary code with high privileges during the installation or execution phase.
[COMMAND_EXECUTION]: The skill's primary workflow relies on executing shell commands through the openspec CLI tool, which is used for project initialization, validation, and management as described in references/cli-commands.md.
[PROMPT_INJECTION]: This skill is vulnerable to indirect prompt injection as it is designed to ingest and follow instructions from markdown files such as spec.md, proposal.md, and design.md. These files are used as the 'Source of Truth' for generating code and performing architectural tasks.
Ingestion points: Files located in openspec/specs/ and openspec/changes/ defined in the role-workflow documentation.
Boundary markers: None identified; the instructions in references/role-workflow.md tell the agent to 'strictly follow' the specifications and definitions in these files.
Capability inventory: The agent can generate implementation code, run CLI tools, and write files to the system based on these untrusted specification inputs.
Sanitization: There is no evidence of sanitization or safety checks performed on the specification content before it is processed by the AI to generate code.

openspec-assistant