openspec-new-change
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to interact with the openspec CLI tool. It executes commands such as openspec new change, openspec status, and openspec instructions based on user-provided names and identifiers.
- [PROMPT_INJECTION]: The skill processes user input to define change names. It includes a specific instruction to ensure names are in kebab-case, which functions as a form of input validation to prevent malformed strings from affecting shell command execution.
Audit Metadata