openspec-brownfield-baseline
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run
openspec initto prepare the project structure for specifications if the command-line tool is available on the host system. - [SAFE]: No evidence of credential harvesting, data exfiltration, or malicious prompt injection was found. The skill operates within the expected scope of a documentation assistant.
- [SAFE]: An evaluation of the indirect prompt injection surface shows that while the skill ingests codebase content to generate documentation, the risks are mitigated by the descriptive nature of the output. Ingestion points include project source files and logs; no explicit boundary markers or sanitization steps are used; capabilities are limited to standard file operations and the initialization of the OpenSpec environment.
Audit Metadata