openspec-apply-change

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill interacts with the local system by executing the openspec CLI tool. It runs commands such as openspec list, openspec status, and openspec instructions apply to manage the lifecycle of a change. These operations are essential for the skill's core functionality and do not exhibit malicious patterns.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it processes data from external sources to guide the agent's actions.
      • Ingestion points: The skill reads JSON output from the openspec CLI and content from project context files (e.g., specs, design, tasks).
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore or isolate potential commands embedded within the project files.
      • Capability inventory: The agent has the ability to execute the openspec CLI, read local files, and write implementation code to the filesystem.
      • Sanitization: The skill does not include logic to sanitize or validate the content of the ingested context files before using them to direct the implementation loop.
    This surface is characteristic of tools that process user-controlled documentation to automate coding tasks.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 12:26 PM