accelint-onboard-openspec

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a legitimate configuration assistant that performs standard file I/O operations consistent with its stated purpose of project onboarding. It does not attempt to execute unauthorized commands or exfiltrate data.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it reads project metadata and configuration files to infer technical stack details. However, the resulting data is constrained by a rigid YAML template and subject to human review before file creation.
  • Ingestion points: Reads various local configuration files such as package.json, tsconfig.json, .nvmrc, and CI/CD workflow definitions in SKILL.md (Phase 3).
  • Boundary markers: The skill uses a structured YAML template with predefined sections to isolate inferred data from the rest of the agent's context.
  • Capability inventory: Has capabilities to read project files for discovery and write to openspec/config.yaml (Phase 4).
  • Sanitization: Includes an explicit validation step to verify YAML syntax and integrity before and after writing the configuration file.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 12:31 AM
Security Audit — agent-trust-hub — accelint-onboard-openspec