openspec-config
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs legitimate project configuration and documentation analysis without any evidence of obfuscation or malicious intent.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its core function of interpolating project documentation into workflow instructions. Ingestion points: The skill scans docs//*.md, CLAUDE.md, Cargo.toml, package.json, and openspec/specs//*.md to build project context. Boundary markers: The generated config.yaml uses YAML block scalar syntax (context: |) and Markdown headers to separate data from instructions. Capability inventory: The skill is restricted to local file system read operations and writing to the openspec/config.yaml path; it lacks network access and command execution capabilities. Sanitization: No sanitization or filtering is applied to the content extracted from project documents before it is written to the configuration file.
Audit Metadata