openspec-apply-change
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs expected development tasks such as reading project files and executing a specific command-line interface tool (openspec) to track and implement changes. No suspicious code patterns or unauthorized access to sensitive data were found.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an inherent surface for indirect prompt injection because it processes untrusted data from external sources.
- Ingestion points: The agent reads JSON output from the openspec CLI and content from project files defined as contextFiles in Step 4.
- Boundary markers: Absent. No delimiters or specific instructions are provided to the agent to ignore potentially malicious instructions embedded in the external files it reads.
- Capability inventory: The skill has the ability to execute shell commands (openspec) and perform arbitrary code modifications within the project directory.
- Sanitization: Absent. The agent is instructed to parse output and implement changes based on natural language descriptions without any validation of the input source.
Audit Metadata