openspec-progressive-superpowers
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified via data ingestion from local project files.
- Ingestion points: The skill searches and reads content from various local paths including
docs/**/*.md,docs/**/*.txt,CLAUDE.md,package.json,Cargo.toml, andgo.modto derive project context. - Boundary markers: Absent. The skill does not specify the use of delimiters, XML tags, or protective markers to wrap the ingested content when generating the
openspec/config.yamlfile. - Capability inventory: The skill has the capability to write to the local filesystem (
openspec/config.yaml). The resulting file is used as a persistent context for future agent interactions. It does not perform network operations or execute arbitrary system commands. - Sanitization: Absent. There is no evidence of validation, filtering, or escaping of the content extracted from external project files before it is interpolated into the configuration sections.
Audit Metadata