openspec-new-change
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Interacts with the local system using the
openspecCLI. The skill executes commands to create new changes, check status, and retrieve instructions. Arguments for these commands are derived from user input. - [PROMPT_INJECTION]: Employs sanitization logic by requiring the agent to convert user descriptions into kebab-case names and validating the format before execution. This serves as a mitigation against potential command injection via malicious change names.
Audit Metadata