openspec-sdd
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent and user to install the "@fission-ai/openspec" npm package globally. This package is the core toolset for the Spec-Driven Development process described in the skill.
- [COMMAND_EXECUTION]: The skill operates by executing various CLI commands from the "openspec" tool, including "init", "new", "status", "validate", and "archive", to manage the SDD lifecycle.
- [PROMPT_INJECTION]: The skill processes external, user-supplied specification data, creating a surface for indirect prompt injection where malicious instructions could be embedded in specs or change proposals. * Ingestion points: Specification files located in "openspec/specs/" and change artifacts within "openspec/changes/". * Boundary markers: The skill relies on Markdown structural headers and strict formatting rules, such as RFC 2119 keywords and GIVEN/WHEN/THEN scenario blocks. * Capability inventory: The agent has the capability to create and modify source code files and execute CLI commands based on the content of the processed specifications. * Sanitization: The skill includes a "Spec Quality Checklist" and uses the "openspec validate" command to ensure the structural integrity of the input files.
Audit Metadata