openspec-explore
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the openspec CLI tool (e.g., openspec list --json) to gather project context and metadata. This is standard behavior for the tool's integration and is considered safe as it utilizes vendor-specific infrastructure.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes arbitrary files from the user's codebase. Ingestion points: Reads codebase files, search results, and OpenSpec artifacts. Boundary markers: Absent; there are no specified delimiters to help the agent distinguish instructions from data. Capability inventory: Executes openspec CLI commands and creates documentation artifacts. Sanitization: Absent; the skill does not define validation or filtering of content retrieved from the filesystem.
Audit Metadata