openspec-bulk-archive-change
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
[COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several shell commands, including 'openspec list', 'openspec status', 'mkdir', and 'mv'. Directory names and change identifiers are interpolated into these commands as variables, and their values come from the output of earlier tool calls rather than from a fixed set. An identifier containing whitespace, a path separator, or a leading '-' would change which paths 'mkdir' and 'mv' act on unless the value is validated and quoted before use.
- [PROMPT_INJECTION]: The skill processes external, user-controlled data that could contain malicious instructions.
  - Ingestion points: Reads and parses 'tasks.md' and delta specification files within the 'openspec/changes/' directory.
  - Boundary markers: The skill places no boundary markers around the file content and gives the agent no instruction to treat instructions embedded in these files as data rather than as commands to follow.
  - Capability inventory: The agent can move directories, create folders, and perform 'agentic' merging of specifications based on its own reading of the file content, so an injected instruction would have real filesystem effects.
  - Sanitization: The skill does not sanitize or validate the text extracted from the markdown files before using it to decide its course of action.
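The command-execution and sanitization points above both come down to the same control: validate an identifier that was read from tool output before interpolating it into 'mkdir' and 'mv'. The following shell script is an added example written for this page, not the skill's own code, and it assumes a hypothetical layout in which a change lives at ROOT/changes/ID and is archived by moving it to ROOT/changes/archive/ID. The identifier alphabet it accepts is also an assumption; the point is that the allowlist is checked, and the value is quoted and passed after '--', before any path is touched.

```bash
#!/bin/sh
# Added example (not the skill's own code): archive one change directory only
# after validating the identifier that will be interpolated into mkdir/mv.
# Assumed layout: ROOT/changes/ID is moved to ROOT/changes/archive/ID.

# Accept a conservative identifier alphabet. Rejects the empty string, ".",
# "..", anything starting with "-" (would be parsed as an option), anything
# containing "/" (would escape the changes directory), and any character
# outside [A-Za-z0-9._-] (whitespace, shell metacharacters). Returns 0 if valid.
valid_change_id() {
    case "$1" in
        ''|.|..|-*|*/*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# archive_change ROOT ID: move ROOT/changes/ID to ROOT/changes/archive/ID.
# Refuses invalid ids, missing sources, and pre-existing destinations, and
# only ever passes quoted paths after "--" so the id cannot become an option.
archive_change() {
    root=$1
    id=$2
    valid_change_id "$id" || { echo "rejected change id: $id" >&2; return 2; }
    src="$root/changes/$id"
    dst="$root/changes/archive/$id"
    [ -d "$src" ] || { echo "no such change: $src" >&2; return 3; }
    [ ! -e "$dst" ] || { echo "already archived: $dst" >&2; return 4; }
    mkdir -p -- "$root/changes/archive" || return 5
    mv -- "$src" "$dst"
}
```

Because the identifiers originate in text the agent read from the workspace, the allowlist check is the boundary that keeps file content from steering the filesystem operations; the quoting and '--' are defence in depth for the case where an id slips through with an unexpected shape.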
Audit Metadata