Skills
skills/hiromaily/go-crypto-wallet/openspec-apply-change/Gen Agent Trust Hub

openspec-apply-change

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the openspec CLI (e.g., openspec list, openspec status, and openspec instructions) to manage the workflow and retrieve metadata about changes. These commands are necessary for the skill's defined purpose.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill reads local project files identified as context by the CLI tool. This access is localized to the repository the user is working on and is required for code implementation tasks.
  • [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface where it processes external specification files (ingestion point: contextFiles in SKILL.md). While explicit boundary markers are not used in prompt interpolation, the skill implements safety guardrails by instructing the agent to pause for clarification if tasks are ambiguous and to keep code changes minimal. Capabilities are limited to standard file operations and CLI interactions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 09:42 PM