openspec-new-change
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute several openspec CLI commands (e.g., openspec new change, openspec status, openspec instructions) to manage software artifacts based on user input.\n- [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection where untrusted user data is processed to create command-line arguments.\n
- Ingestion points: User input requested in Step 1 (change description) via the AskUserQuestion tool.\n
- Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present when processing the user input.\n
- Capability inventory: The skill performs shell execution of the openspec CLI tool in steps 3, 4, and 5 within SKILL.md.\n
- Sanitization: The skill provides an instruction to the agent to derive a kebab-case name from the user's description, which acts as a format-based sanitization step before the input is used in shell commands.
Audit Metadata