openspec-ff-change

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands using the openspec CLI to manage change artifacts. Commands include openspec new, openspec status, and openspec instructions. These commands utilize arguments dynamically generated from user input.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection and potential command injection through user-provided names or descriptions.
    • Ingestion points: Step 1 collects a change name or description directly from the user.
    • Boundary markers: No explicit shell escaping or strict boundary markers are defined for the command line arguments in the instructions.
    • Capability inventory: The skill has the capability to create directories and files via the openspec CLI and the TodoWrite tool.
    • Sanitization: The instructions direct the agent to 'derive a kebab-case name' from the user input. While this serves as a sanitization step, it relies on the AI agent's adherence to the instruction to prevent malicious characters from reaching the shell.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 7, 2026, 09:04 AM