openspec-ff-change

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill interacts with the local environment by executing several openspec CLI commands, including new, status, and instructions, which is consistent with its stated purpose of artifact management.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
      • Ingestion points: The skill reads dynamic data from the openspec instructions JSON output, specifically the instruction, context, and rules fields.
      • Boundary markers: The skill lacks explicit boundary markers or instructions to ignore embedded commands within the ingested CLI data.
      • Capability inventory: The skill can execute shell commands and perform file system writes based on instructions received.
      • Sanitization: Content retrieved from the CLI is used directly to constrain agent output without explicit sanitization or validation.
  • [COMMAND_EXECUTION]: The skill uses user input to construct a shell command in the openspec new change "<name>" step. Although the prompt directs the agent to sanitize this input into kebab-case, an adversarial input that bypasses this transformation could lead to command injection if the agent environment passes the resulting string to a shell without proper quoting or escaping.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 12:44 AM