openspec-onboard

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to interact with the openspec CLI and the local environment, including status checks, git history retrieval, and project organization tasks.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the user's codebase during the task suggestion phase.
      • Ingestion points: The skill scans local source files for TODO, FIXME, and other markers in Phase 2.
      • Boundary markers: There are no explicit delimiters, and no directive telling the agent to ignore instructions embedded in codebase comments.
      • Capability inventory: The skill can execute openspec commands and write to the local file system.
      • Sanitization: The skill does not sanitize or validate the content of the discovered code comments before presenting them to the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 09:52 PM