openspec-verify-change

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill executes local 'openspec' CLI commands to retrieve change lists, status, and instructions. This is a core part of its intended functionality and does not involve elevated privileges or suspicious remote execution.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection because it parses and acts upon the content of external markdown files. Evidence:
      1. Ingestion points: Processes 'tasks.md', 'design.md', and specification files from the local change directory.
      2. Boundary markers: The skill does not use specific delimiters or instructions to treat the ingested file content as untrusted data.
      3. Capability inventory: The agent can execute CLI commands and read/search the entire codebase based on information found in these files.
      4. Sanitization: No evidence of sanitization or validation of the input markdown content before it influences the agent's logic.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:33 PM