openspec-propose

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill interacts with the local system by executing the openspec CLI tool. It takes user-provided descriptions and derives names for shell commands. The prompt includes instructions for the agent to sanitize these names into a kebab-case format to ensure valid command execution.
  • [INDIRECT_PROMPT_INJECTION]: The skill reads instructions and context from external sources (the output of the openspec instructions command and existing project files) to guide the generation of new artifacts. This represents an attack surface for indirect prompt injection.
      • Ingestion points: JSON output from the openspec instructions command and content from dependency files.
      • Boundary markers: None defined for the file read and write operations.
      • Capability inventory: Execution of openspec CLI commands and writing files to the local disk.
      • Sanitization: There is no explicit sanitization or filtering of the content retrieved from external files or tool outputs before it is used as a constraint for the agent's logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 09:42 PM