openspec-ff-change
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill relies on executing the `openspec-cn` CLI tool for several operations (creating changes, checking status, fetching instructions). This is an external dependency that must be trusted by the user.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted data to generate output:
  - Ingestion points: Reads JSON output from `openspec-cn instructions` and the content of 'completed dependency files' from the local filesystem.
  - Boundary markers: Includes instructions to treat certain fields (`context`, `rules`) as constraints rather than content, but does not implement strict delimiters for the interpolated data.
  - Capability inventory: Capable of executing shell commands (`openspec-cn`) and creating/writing files based on processed input.
  - Sanitization: No explicit sanitization or validation of the content read from external files or tool outputs before it is used to generate new artifacts.
Audit Metadata