openspec-continue-change

Warn

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using the openspec CLI, such as openspec status --change "<name>" and openspec instructions <artifact-id>. The variables <name> and <artifact-id> can be derived from user input or external tool output. If these inputs contain shell metacharacters (e.g., ;, &&, |), they could be used to execute arbitrary commands on the host system.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it ingests data from external sources to guide its behavior.
    • Ingestion points: Data enters the context via openspec CLI outputs and the content of files specified in the dependencies field.
    • Boundary markers: There are no delimiters or specific instructions provided to the agent to ignore potentially malicious instructions embedded within the ingested data.
    • Capability inventory: The skill has the capability to execute CLI commands and write files to arbitrary locations defined by the outputPath field.
    • Sanitization: No sanitization or validation is performed on the content read from external files or tool outputs before it is used to generate new artifacts.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 3, 2026, 07:20 AM