openspec-bulk-archive-change
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs file system operations using
mkdirandmvto move directories into an archive folder. These operations are part of the intended archiving logic and target the local project structure. - [PROMPT_INJECTION]: There is an indirect prompt injection surface in step 5, where the agent reads 'delta specs' from the local file system to determine how to resolve conflicts. If these files contain hidden instructions, the agent might follow them during the investigation phase.
- Ingestion points: The agent reads content from
openspec/changes/<name>/tasks.mdand various files within theopenspec/changes/<name>/specs/directory. - Boundary markers: Absent. There are no specific delimiters or instructions provided to the agent to disregard instructions found within the ingested files.
- Capability inventory: The skill can execute shell commands (
mkdir,mv) and perform automated spec merging. - Sanitization: Absent. No filtering or validation is performed on the content of the task or spec files before processing.
Audit Metadata