openspec-verify-change
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes local CLI commands using the 'openspec' tool to list changes, retrieve status, and apply instructions. Evidence: calls 'openspec list', 'openspec status', and 'openspec instructions apply'.
- [PROMPT_INJECTION]: The skill parses content from local files like tasks.md and design documents, making it vulnerable to indirect prompt injection.
- Ingestion points: Reads local context files (tasks.md, design.md) and specification files within the openspec directory.
- Boundary markers: Absent; no delimiters or markers are used to isolate file content from the agent's reasoning instructions.
- Capability inventory: The skill can execute CLI commands via the openspec tool and perform global codebase searches.
- Sanitization: Processes file content directly using keyword searches and status checks without validation or escaping.
Audit Metadata