openspec-brainstorm

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE (categories flagged: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill manages a Node.js-based web server using shell scripts (start-server.sh, stop-server.sh). It executes node to run the custom server.cjs script to facilitate visual UI interactions.
  • [DATA_EXFILTRATION]: The visual companion server serves HTML content and assets from the project's local directory. While it binds to 127.0.0.1 by default, it provides configuration options to bind to 0.0.0.0, which could potentially expose project information to other devices on the local network.
  • [PROMPT_INJECTION]: The skill ingests untrusted content from OpenSpec artifacts (proposal.md, design.md, etc.) to provide context for brainstorming. This represents an indirect prompt injection surface where malicious instructions could be embedded in these files.
  • Ingestion points: Markdown files within the openspec/changes/ directory and user-event JSON data from browser interactions.
  • Boundary markers: The skill does not implement specific delimiters or 'ignore' instructions when reading or presenting these files to the agent's context.
  • Capability inventory: Local file system access, shell command execution, and local server management.
  • Sanitization: No explicit sanitization or validation of the ingested markdown content was observed in the skill logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 26, 2026, 10:42 AM