accelint-onboard-openspec
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a legitimate configuration assistant that performs standard file I/O operations consistent with its stated purpose of project onboarding. It does not attempt to execute unauthorized commands or exfiltrate data.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it reads project metadata and configuration files to infer technical stack details. However, the resulting data is constrained by a rigid YAML template and subject to human review before file creation.
- Ingestion points: Reads various local configuration files such as
package.json,tsconfig.json,.nvmrc, and CI/CD workflow definitions inSKILL.md(Phase 3). - Boundary markers: The skill uses a structured YAML template with predefined sections to isolate inferred data from the rest of the agent's context.
- Capability inventory: Has capabilities to read project files for discovery and write to
openspec/config.yaml(Phase 4). - Sanitization: Includes an explicit validation step to verify YAML syntax and integrity before and after writing the configuration file.
Audit Metadata