openspec-new-change
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes multiple shell commands using the 'openspec' CLI tool ('openspec new change', 'openspec status', and 'openspec instructions'). These commands are executed locally but depend on a third-party tool that is not in the trusted source list.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it transforms user-provided descriptions into command-line arguments. 1. Ingestion points: User input in Step 1. 2. Boundary markers: Project names are wrapped in double quotes in Step 3. 3. Capability inventory: Execution of local CLI binaries. 4. Sanitization: Instruction-based guardrail requiring validation of 'kebab-case' format for project names.
Audit Metadata