openspec-config
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the `openspec config` command-line utility to manage global settings, including listing, getting, and setting configuration keys.
- [PROMPT_INJECTION]: The skill is designed to inject user-defined project context and rules from `openspec/config.yaml` into the agent's instructions. This is a primary feature for improving response quality but creates a surface for indirect prompt injection if the project file is sourced from an untrusted repository.
  - Ingestion points: Data is read from `openspec/config.yaml` (the `context` and `rules` fields).
  - Boundary markers: Injected context is delimited using `<project-context>` and `<project-rules>` tags.
  - Capability inventory: The skill can execute local commands and modify project-level configuration files.
  - Sanitization: The instructions do not specify validation or sanitization of the injected text.
Audit Metadata