openspec-archive-change

Warn

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands such as mkdir and mv, as well as the openspec CLI, using variables like <name> derived from user input. The lack of explicit instructions to sanitize or validate these inputs before interpolation into shell strings creates a risk of command injection or path traversal if a malicious change name is provided.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by reading and summarizing the contents of tasks.md and various specification files to determine completion status and sync states. Malicious instructions embedded in these files could attempt to manipulate the agent's logic or summaries.
      • Ingestion points: The skill reads data from tasks.md and specification files located in openspec/changes/<name>/specs/.
      • Boundary markers: None identified; the agent is instructed to read, parse, and summarize the file content directly without delimiters or safety instructions.
      • Capability inventory: The skill possesses the ability to modify the file system (mkdir, mv), read local files, and execute commands via the openspec CLI.
      • Sanitization: There are no specified sanitization or validation steps for the content retrieved from local files before it is processed or displayed in summaries.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 2, 2026, 04:54 AM