Skills
skills/ruan-cat/monorepo/openspec/Gen Agent Trust Hub

openspec

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a local CLI tool named openspec to handle project tasks like initialization (openspec init), status checking (openspec status), and archiving (openspec archive).
  • [EXTERNAL_DOWNLOADS]: The skill points to the @fission-ai/openspec package on the NPM registry for installation and references the official GitHub repository at https://github.com/Fission-AI/OpenSpec for documentation.
  • [REMOTE_CODE_EXECUTION]: The openspec update command is designed to fetch and apply updates to local instruction files from the project's remote repository.
  • [PROMPT_INJECTION]: The skill processes project-specific Markdown files to define system behavior and tasks, creating a surface for indirect prompt injection.
  • Ingestion points: Requirement and change files stored in openspec/specs/ and openspec/changes/.
  • Boundary markers: The framework relies on Markdown headers (e.g., ## ADDED Requirements) and Gherkin keywords but lacks specific instructions to ignore malicious commands embedded in these files.
  • Capability inventory: The skill can execute CLI commands and perform filesystem modifications.
  • Sanitization: There is no evidence of automated sanitization or filtering for the Markdown content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 10:03 PM