openspec-archive-change
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs file system operations by executing
mkdirandmvvia the shell to manage archive directories. - [PROMPT_INJECTION]: An indirect prompt injection surface was identified.
- Ingestion points: Data is ingested from user input, the JSON output of
openspec list --json, and the contents oftasks.md. - Boundary markers: Absent. The skill lacks markers to distinguish instructions from data during command interpolation of the
<name>variable. - Capability inventory: The skill has the ability to execute shell commands and utilize the
openspecCLI for system modifications. - Sanitization: Absent. No sanitization or validation logic is present to prevent shell metacharacters in the
<name>variable from being executed in the shell context.
Audit Metadata