Skills
skills/xu-cell/ai-engineering-init/openspec-explore/Gen Agent Trust Hub

openspec-explore

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface detected.
  • Ingestion points: The skill reads arbitrary files from the codebase and specific project artifacts located in openspec/changes/<name>/ (e.g., proposal.md, design.md, tasks.md).
  • Boundary markers: Absent. There are no instructions to use delimiters or to disregard potential instructions found within the files the agent investigates.
  • Capability inventory: The agent can read files, search the codebase, execute the openspec CLI, and write new Markdown artifacts (proposals, designs, specs).
  • Sanitization: Absent. No filtering or escaping is applied to the content extracted from local files before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill executes local system commands via the openspec CLI.
  • Evidence: It calls openspec list --json to retrieve project context, including active changes and status. This is an intended functionality for the skill's purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 7, 2026, 09:04 AM