openspec-ff-change

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the openspec CLI to manage change directories and retrieve artifact data. Specific commands executed include openspec new, openspec status, and openspec instructions.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and following instructions provided by the output of external commands.
      • Ingestion points: Data is ingested via the openspec instructions --json command in SKILL.md (Step 4a).
      • Boundary markers: Absent. The agent is directed to use the instruction and template fields without specific delimiters or warnings to ignore embedded malicious content.
      • Capability inventory: The agent possesses command execution capabilities (openspec CLI) and file-writing capabilities (TodoWrite tool).
      • Sanitization: No sanitization or validation of the CLI output is performed before the agent interprets the fields as instructions or templates.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 12:48 AM