openspec-e2e
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell command execution to run tests and explore applications, using tools such as `npx playwright test` and the `openspec-pw` utility.
- [REMOTE_CODE_EXECUTION]: The skill dynamically generates TypeScript code (`.spec.ts` files) based on external specifications and web page snapshots, which is then executed. This represents a dynamic code execution path derived from external inputs.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it processes untrusted data from external web pages and specification files to plan and generate executable code.
  - Ingestion points: Specification files (`openspec/changes/<name>/specs/*.md`) and web content (via browser snapshots).
  - Boundary markers: The instructions do not define explicit delimiters or "ignore" instructions for external data.
  - Capability inventory: The agent has the ability to write files and execute shell commands.
  - Sanitization: There is no mention of sanitizing or validating ingested data before it influences code generation.
Audit Metadata