openspec-apply-change
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using the 'openspec' CLI, interpolating a change name variable into the command string (e.g.,
openspec status --change "<name>"). If the variable is not strictly validated or sanitized, it provides a surface for command injection.- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection through the ingestion of untrusted data during the implementation process. - Ingestion points: Files read from the
contextFileslist provided by the CLI tool. - Boundary markers: Absent; the instructions do not specify delimiters or warnings to ignore instructions within these files.
- Capability inventory: The skill has the ability to modify the filesystem ('Make the code changes required') and execute CLI tools ('openspec').
- Sanitization: Absent; the skill does not validate or sanitize the contents of the files before using them to guide implementation tasks.
Audit Metadata