skills/lis186/ccxray/openspec-explore/Gen Agent Trust Hub

openspec-explore

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes openspec list --json to retrieve project context. This is a legitimate use of the tool provided by the author to synchronize project state with the agent.
  • [PROMPT_INJECTION]: The skill processes data from codebase files and OpenSpec artifacts, which constitutes an indirect prompt injection surface. This is expected behavior for a tool designed to analyze project context.
      • Ingestion points: Local source code files and OpenSpec markdown documents in the 'openspec/changes/' directory.
      • Boundary markers: No specific delimiters or instructions to ignore embedded commands are used when reading these files.
      • Capability inventory: File system read access and execution of the 'openspec' CLI.
      • Sanitization: Content is ingested and discussed without explicit sanitization or filtering.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 03:17 PM