openspec-continue-change
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill constructs shell commands by interpolating variables like and which are sourced from previous openspec CLI JSON outputs. This presents a potential command injection surface if the underlying CLI returns malicious strings.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8). 1. Ingestion points: Parses JSON output from openspec list, status, and instructions commands, and reads contents of local dependency files. 2. Boundary markers: No delimiters or ignore instructions are used when handling external data. 3. Capability inventory: Executes openspec commands and writes files to paths (outputPath) defined by external CLI data. 4. Sanitization: No sanitization or validation is performed on inputs used for command execution or file path construction.
Audit Metadata