superspec-research

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): Potential shell injection vulnerability in the change creation step.
      • Evidence: In SKILL.md, the command openspec new change <change> --schema superspec-rpi --description "<description>" uses the variables <change> and <description> directly from user input.
      • Risk: If an attacker provides a change name or description containing shell metacharacters (e.g., "; touch /tmp/poc ; "), it could lead to arbitrary command execution on the host system.
  • [PROMPT_INJECTION] (HIGH): Indirect prompt injection via external tool output.
      • Ingestion points: The skill reads JSON output from openspec instructions proposal and openspec instructions specs (found in SKILL.md).
      • Boundary markers: None. The agent is instructed to "extract at minimum: 'outputPath', 'template' and/or 'instruction' content" and to "fill the template precisely."
      • Capability inventory: The agent has the capability to write files to the filesystem (outputPath) and to execute further openspec commands based on the state returned by previous calls.
      • Sanitization: No sanitization or validation of the instructions/templates retrieved from the openspec tool is performed. If the data source for openspec is compromised or contains malicious contributions, the agent will execute the embedded instructions to modify the local environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 12:05 AM