openspec-apply-change
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes specific commands via the `openspec` CLI, including `openspec list`, `openspec status`, and `openspec instructions`. These operations are used to retrieve implementation details and track progress within the tool's ecosystem.
- [PROMPT_INJECTION]: The skill processes task descriptions and instructions from external sources, creating a surface for indirect prompt injection.
  - Ingestion points: Reads local files specified in the `contextFiles` output (e.g., proposal, specs, design, tasks) and interprets the dynamic instructions provided by the `openspec instructions` command.
  - Boundary markers: No explicit delimiters or boundary markers are used to separate ingested content from system instructions.
  - Capability inventory: The skill possesses the ability to execute `openspec` commands and modify local files (e.g., marking tasks as complete).
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the content read from the context files before it is used to guide implementation steps.
Audit Metadata