openspec-explore
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements a restricted 'thinking stance' that explicitly prohibits writing application code or implementing features, focusing solely on analysis and documentation.
- [COMMAND_EXECUTION]: The skill uses the 'openspec list --json' command to retrieve current project state; this is a standard operational requirement for interacting with the OpenSpec CLI tool.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted data (Ingestion points: codebase files and artifacts in 'openspec/changes/'). Boundary markers and sanitization for this data are absent. However, the capability inventory is restricted to markdown file creation and local CLI queries, and the skill includes guardrails requiring user consent before capturing insights, which mitigates the risk of automated instruction following.
Audit Metadata