openspec-apply
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from local files such as
tasks.mdanddesign.mdto guide the implementation process, creating an indirect prompt injection surface. - Ingestion points:
tasks.md,design.md, and documents in thespecs/directory. - Boundary markers: The skill does not specify the use of delimiters or instructions to ignore embedded commands within these files.
- Capability inventory: The instructions direct the agent to write code, modify files, and execute tests, which are high-capability actions.
- Sanitization: No sanitization or validation of the input file content is defined.
- [COMMAND_EXECUTION]: The skill's workflow includes running tests as part of the implementation process, which involves executing code or shell commands within the user's environment.
- [NO_CODE]: This skill consists entirely of markdown instructions and does not bundle any executable scripts or binary files.
Audit Metadata