open-spec-complete
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes 'git diff HEAD --stat' and 'git status' to identify changes in the project environment.
- [COMMAND_EXECUTION]: The skill uses 'rm -rf specs/changes/' to clean up temporary files. This interpolation of a name variable into a recursive delete command could lead to path traversal and unintended data loss if the input is not properly validated.
- [PROMPT_INJECTION]: The skill processes content from local specification files, creating a surface for indirect prompt injection.
- Ingestion points: Reads markdown files from 'specs/features/' and 'specs/changes/' (SKILL.md).
- Boundary markers: The instructions do not specify any delimiters or safety markers to differentiate file content from system instructions.
- Capability inventory: The skill possesses the ability to execute shell commands and write to the file system.
- Sanitization: No sanitization or validation of the file content is performed prior to processing.
Audit Metadata