openspec-ff-change

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various subcommands using the openspec CLI, such as new, status, and instructions, to manage the development lifecycle of project changes.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it consumes and obeys instructions provided in the output of local commands.
      • Ingestion points: The skill ingests data from the instruction, rules, and context fields provided in the JSON output of the openspec instructions command in step 4a.
      • Boundary markers: There are no explicit instructions to the agent to treat the ingested JSON fields as untrusted data or to use delimiters to prevent these instructions from overriding the agent's core logic.
      • Capability inventory: The skill has the capability to execute shell commands via the openspec CLI and performs file writing operations to paths defined by the tool's output.
      • Sanitization: The skill does not implement validation or sanitization of the instruction strings before they are used to guide the generation of output files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 07:21 AM