openspec-new-change
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes the 'openspec-cn' CLI to manage file scaffolding and status tracking. These operations are performed locally and align with the skill's primary purpose. No high-privilege commands or unauthorized system modifications were detected.
- [INDIRECT_PROMPT_INJECTION] (SAFE):
  1. Ingestion points: User-provided change names and descriptions are used as input for CLI commands.
  2. Boundary markers: Command arguments are encapsulated in double quotes within the instructions.
  3. Capability inventory: Limited to subcommands of the 'openspec-cn' tool (new, status, instructions).
  4. Sanitization: The skill contains a specific guardrail that requires validation of the 'kebab-case' format for the change name, effectively preventing the use of shell metacharacters or spaces for command injection.