openspec-onboard
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several local commands including `openspec status`, `git log`, `openspec new change`, and `openspec archive`. These are used to manage the project's state and decision history within the intended OpenSpec workflow.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface.
  - Ingestion points: The agent scans the local codebase for TODO/FIXME comments and reads file contents in Phase 2 and Phase 3 to suggest tasks.
  - Boundary markers: No delimiters or specific instructions are provided to the agent to treat these external inputs as untrusted or to ignore any embedded instructions.
  - Capability inventory: The skill has the ability to write to the file system and execute shell commands via the openspec and git CLIs.
  - Sanitization: There is no explicit sanitization or validation of the content read from codebase files or git logs before it is used to influence the agent's behavior.
Audit Metadata