openspec-verify-change
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands using the openspec CLI tool to list, check status, and apply instructions for change management.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection from untrusted data sources.
- Ingestion points: Reads local project artifacts including tasks.md, design.md, and specification files located in openspec/changes//specs/.
- Boundary markers: Absent; there are no instructions or delimiters used to separate project data from agent instructions or to ignore embedded commands.
- Capability inventory: Executes openspec CLI commands with parameters derived from file content or user input.
- Sanitization: Absent; the skill does not sanitize or validate the content of the markdown files before processing them for verification logic.
Audit Metadata