openspec-verify-change
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the 'openspec' command-line interface to retrieve change lists, status information, and context files. These operations are essential for the skill's primary purpose and utilize tools associated with the skill author.- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and parsing external markdown documents to drive its verification logic. If these documents contain malicious instructions, they could influence the agent's behavior during the verification process.
- Ingestion points: Specification files in 'openspec/changes//specs/', 'tasks.md', and 'design.md' are read and parsed.
- Boundary markers: None are present; the skill identifies requirements and tasks using simple string patterns like '### Requirement:' or checkboxes.
- Capability inventory: The skill invokes the 'openspec' CLI and performs file system searches across the codebase.
- Sanitization: There is no evidence of sanitization or filtering applied to the content extracted from the markdown files before it is processed.
Audit Metadata