openspec-verify-change
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: Executes the 'openspec' CLI tool locally to retrieve change lists, status, and instructions for implementation verification.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from analyzed project files.
- Ingestion points: Reads content from 'tasks.md', 'design.md', and specification files within the 'openspec/changes/' directory as specified in 'SKILL.md'.
- Boundary markers: Lacks explicit delimiters or instructions to ignore embedded commands within the ingested project artifacts.
- Capability inventory: Authorized to execute 'openspec' CLI subprocesses for listing and status checks.
- Sanitization: No evidence of content sanitization or validation for text extracted from project files before generating the report.
- [DATA_EXFILTRATION]: Accesses local project files and change artifacts. All data processing is local; no network requests or external data transfers were identified.
Audit Metadata