Skills
skills/zelinewang/claudemem/openspec-explore/Gen Agent Trust Hub

openspec-explore

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the openspec list --json command to retrieve metadata about active project changes and schemas from the local environment.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it ingests untrusted data from the codebase.
  • Ingestion points: Reads project artifacts including openspec/changes/*/proposal.md, design.md, tasks.md, and specs/*/spec.md.
  • Boundary markers: The skill does not define clear boundary markers or instructions to ignore embedded commands when processing these files.
  • Capability inventory: The skill has capabilities to execute the openspec CLI tool and write/update documentation files within the project structure.
  • Sanitization: There is no evidence of input sanitization or content validation for the files read from the codebase.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 03:54 AM