openspec-explore
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE COMMAND_EXECUTION DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the 'openspec list --json' command to retrieve project metadata and status information.
- [DATA_EXFILTRATION]: Instructions allow the agent to read local project files and documentation (e.g., proposal.md, design.md) to inform discussions. No network-based exfiltration was found.
- [PROMPT_INJECTION]: The skill contains logic to enforce a 'thinking' behavior and explicitly forbids code generation or feature implementation, which serves as a safety boundary for the agent's behavior.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and summarize content from the user's codebase and project documentation. While these sources are potentially untrusted, the skill's restriction against writing code mitigates the risk of executing malicious instructions embedded in those files.