Skills
skills/fengshao1227/ccg-workflow/openspec-continue-change/Gen Agent Trust Hub

openspec-continue-change

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the openspec CLI with arguments derived from the user or context, providing a functional interface for project management.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the openspec CLI tool as an external dependency.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by consuming and acting on information from external project files and CLI outputs.
  • Ingestion points: Data from openspec instructions output fields and project dependency files.
  • Boundary markers: Present; the instructions explicitly separate internal constraints from the generated artifact content.
  • Capability inventory: File system write access and shell command execution.
  • Sanitization: Relies on the AI following instructional boundaries when processing external inputs.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 4, 2026, 08:45 AM
Security Audit — agent-trust-hub — openspec-continue-change