openspec-propose
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill instructions focus on a legitimate project management workflow using a specific CLI tool.
- [COMMAND_EXECUTION]: The skill executes directed 'openspec' CLI commands. The instructions include a requirement to format user-provided change names as kebab-case, which acts as a safeguard against potential command injection attempts.
- [PROMPT_INJECTION]: The skill does not contain any instructions that attempt to override the AI's safety guidelines, bypass constraints, or extract internal system prompts.
- [EXTERNAL_DOWNLOADS]: The skill references a dependency on the 'openspec' CLI but does not attempt to download, install, or execute remote scripts at runtime.
Audit Metadata