execute-openspec-change
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs repository operations and executes project test suites. It orchestrates git commands such as 'git tag', 'git merge', and 'git diff' to manage code worktrees and merge changes. It uses a 'run_command' function to execute automated tests discovered within the project environment.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes content from markdown files that influence its logic. Ingestion points: Content is read from 'proposal.md', 'design.md', and 'tasks.md' within the 'openspec/changes/' directory. Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the ingested files. Capability inventory: The skill can modify the file system, execute shell commands, and delegate implementation tasks to subagents. Sanitization: No validation or filtering is performed on the ingested markdown content before it is used to generate execution plans.
Audit Metadata