openspec-onboard

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on local CLI execution to perform its functions. It checks the project status using openspec status, retrieves repository history via git log, and manages workflow containers with openspec new change and openspec archive.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from the local repository to influence agent behavior during the task selection phase.
      • Ingestion points: Codebase scanning for TODO, FIXME, and HACK comments, as well as the output of git log.
      • Boundary markers: The skill does not implement specific delimiters or 'ignore' instructions when interpolating discovered codebase strings into its prompts.
      • Capability inventory: The agent has the capability to execute shell commands via the openspec CLI, create directories, and write implementation tasks and design artifacts to the filesystem.
      • Sanitization: No sanitization or validation of the extracted strings (like TODO descriptions) is performed before they are used to draft proposals or task lists.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 25, 2026, 12:48 AM