open-spec-propose
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed to manage a structured development workflow by gathering user requirements and generating local architectural documentation. All file operations are restricted to the local workspace and align with the skill's stated purpose.
- [INDIRECT_PROMPT_INJECTION]: The skill accepts user-provided descriptions and change names which are then written into markdown files. While there is no explicit sanitization, the risk is negligible as the generated content is static documentation and does not trigger executable code. 1. Ingestion points: User descriptions via the AskUserQuestion tool in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: File system write operations in specs/changes/ directory via the TodoWrite tool. 4. Sanitization: Absent.
Audit Metadata