openspec-onboard
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various local shell commands to facilitate the OpenSpec workflow. This includes checking initialization status (openspec status), viewing git history (git log), creating change containers (openspec new change), and archiving work (openspec archive). These commands are used for their intended project management purposes.
- [PROMPT_INJECTION]: The skill implements a codebase analysis feature that scans for improvement opportunities like TODOs, missing tests, and type issues. This introduces a surface for indirect prompt injection from untrusted data within the codebase.
  - Ingestion points: The agent scans files in the codebase and git logs during Phase 2 (Task Selection) to identify potential work items.
  - Boundary markers: There are no explicit markers or instructions provided to the agent to distinguish between its own logic and potentially malicious instructions embedded in codebase comments.
  - Capability inventory: The skill is capable of modifying files in the codebase and executing shell commands via the OpenSpec CLI.
  - Sanitization: No sanitization or validation of the content discovered during codebase scanning is performed before it is used to influence the agent's task suggestions.
Audit Metadata