openspec-explore
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the 'openspec list --json' command to retrieve current project context, including active changes and their statuses.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it is designed to read and process the content of user-controlled files from the codebase.
  - Ingestion points: Reads documents from 'openspec/changes/' and 'specs/' directories.
  - Boundary markers: The skill does not implement specific delimiters or instructions to ignore embedded commands within these files.
  - Capability inventory: The agent can execute CLI commands through the 'openspec' tool based on the gathered context.
  - Sanitization: No explicit content validation or sanitization of project artifacts is performed.
Audit Metadata