Skills
skills/halo-dev/cli/openspec-explore/Gen Agent Trust Hub

openspec-explore

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the openspec CLI tool using the command openspec list --json to gather project context.
  • [PROMPT_INJECTION]: The skill demonstrates an attack surface for indirect prompt injection by ingesting external data from the codebase.
  • Ingestion points: The agent is instructed to read codebase files and OpenSpec artifacts (e.g., proposal.md, design.md) in SKILL.md.
  • Boundary markers: No delimiters or instructions to ignore embedded commands are present for the data being read.
  • Capability inventory: The skill uses CLI commands (openspec) and file-reading operations; it can also create new OpenSpec artifacts.
  • Sanitization: No validation or sanitization of the input file content is implemented.
  • Context: The potential impact is mitigated by core instructions that prohibit the agent from implementing code or features in this mode.
Audit Metadata
Risk Level
SAFE
Analyzed
May 4, 2026, 06:46 AM