openspec-continue-change
Audited by Gen Agent Trust Hub on Feb 13, 2026
================================================================================
🟡 VERDICT: MEDIUM
This skill's core functionality is entirely dependent on an external, unverified command-line interface (CLI) tool named openspec. The skill instructs the AI to execute openspec commands and process their output, including reading and writing files based on openspec's instructions. The security of this skill is therefore directly tied to the security and trustworthiness of the openspec CLI, which cannot be audited from the provided skill definition.
Total Findings: 3
🟡 MEDIUM Findings: • Unverifiable Dependency
- Line 5: The skill explicitly states "compatibility: Requires openspec CLI." The entire functionality of the skill hinges on this external executable. We cannot verify the security of the openspec CLI itself. If openspec is malicious or compromised, it could instruct the AI to perform arbitrary file operations (reading sensitive files, writing malicious content) or network requests, leading to command execution or data exfiltration.
🔵 LOW Findings: • Potential Command Execution / Data Exfiltration via Unverified Dependency
- Line 36: The skill instructs the AI to "Read any completed dependency files for context" and "Write to the output path specified in instructions". These file paths and contents are determined by the output of the openspec CLI. If a malicious openspec CLI were to provide crafted outputPath or dependencies values, it could lead to the AI reading or writing arbitrary files on the system, potentially exfiltrating sensitive data or executing malicious code. This risk is inherent to the unverifiable dependency.
ℹ️ TRUSTED SOURCE References: • Indirect Prompt Injection Risk
- Line 20: The skill processes JSON output from the openspec CLI (e.g., change names, artifact instructions) and user input for selecting changes. If this external data or user input is maliciously crafted, it could lead to indirect prompt injection, manipulating the AI's behavior beyond its intended purpose.
================================================================================