openspec-continue-change
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: Executes the openspec CLI tool with subcommands such as list, status, and instructions to query project state and retrieve generation templates.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection through the processing of instruction and template fields provided by the openspec CLI.
  - Ingestion points: Data enters the agent context through the JSON output of the openspec list, openspec status, and openspec instructions commands in SKILL.md.
  - Boundary markers: Absent. The skill instructions do not use delimiters or provide the agent with explicit warnings to ignore embedded instructions within the CLI data.
  - Capability inventory: The skill possesses the capability to execute openspec CLI commands and perform file writes to the local filesystem at paths determined by the CLI output.
  - Sanitization: Absent. There is no evidence of validation or sanitization of the content retrieved from the CLI before it is used to guide the creation of new files.
Audit Metadata