Skills
skills/ada20204/antigravity-sync-mcp/openspec-new-change/Gen Agent Trust Hub

openspec-new-change

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill interacts with the local environment by executing commands through the openspec CLI tool, such as creating new change scaffolds and retrieving status updates.
  • [INDIRECT_PROMPT_INJECTION]: The skill uses input from the user to determine parameters for CLI commands, creating a potential surface for indirect injection.
  • Ingestion points: User descriptions of features or fixes are processed to derive identifiers for the openspec commands in SKILL.md.
  • Boundary markers: No explicit delimiters are used to wrap the user-derived content within the command strings.
  • Capability inventory: The skill possesses the capability to execute shell commands via the openspec binary.
  • Sanitization: The skill contains a mandatory guardrail requiring the agent to validate that the generated name is in 'kebab-case' before proceeding, which prevents the use of shell metacharacters or redirection operators.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 22, 2026, 01:07 PM