openspec-apply-change

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the openspec CLI tool to retrieve project status and instructions. It interpolates variables such as change names into shell commands (e.g., openspec status --change "<name>" --json), which could be a risk if the agent environment does not properly escape input characters.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it reads and follows instructions found in external project files.
      • Ingestion points: Reads local files defined in contextFiles (such as tasks, specs, and proposals) and uses their content to guide implementation.
      • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the context files.
      • Capability inventory: The skill can execute shell commands via the openspec CLI and has file system read/write access to implement code changes.
      • Sanitization: No validation or sanitization of the content within the context files is performed before the agent acts on the information.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 26, 2026, 03:23 PM