openspec-explore

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes a local CLI tool to retrieve system state.
  • Evidence: Executes openspec list --json to identify active changes and project status.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it incorporates untrusted data from the filesystem into its context.
  • Ingestion points: The skill reads local codebase files and OpenSpec artifacts such as proposal.md, design.md, and tasks.md from the openspec/changes/ directory.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands are used when reading these files.
  • Capability inventory: The skill can read any file in the codebase, write to markdown artifacts, and execute the openspec CLI.
  • Sanitization: There is no evidence of sanitization or filtering for instructions embedded within the codebase or design documents before they are processed.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 07:21 PM