openspec-explore
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes 'openspec list --json' to retrieve project state. This is a local command associated with the skill's required CLI dependency.
- [PROMPT_INJECTION]: The skill contains strong behavioral directives, such as 'NEVER write code or implement features', which function as safety guardrails to ensure the agent remains in a passive 'thinking' mode.
- [DATA_EXPOSURE]: Instructions allow the agent to read files and search the codebase for context. This is the intended functionality of an exploration skill and does not involve exfiltration to external domains.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: The skill reads external files including 'openspec/changes/.md', 'specs/.md', and the general codebase.
  - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the files being read.
  - Capability inventory: The agent can execute the 'openspec' CLI and read/write project documentation artifacts.
  - Sanitization: No sanitization is performed on the content of the files read from the codebase.