openspec-archive-change
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill performs local file management using the openspec CLI and standard commands like mkdir and mv.
- [DATA_EXFILTRATION]: The skill reads local status data and task lists; no network communication or data transmission occurs.
- [PROMPT_INJECTION]: The skill processes data from tool outputs and local files, which is an indirect prompt injection surface.
- Ingestion points: Output from openspec list, openspec status, and the tasks.md file.
- Boundary markers: Not present.
- Capability inventory: File system moves and directory creation.
- Sanitization: Significant actions are gated by user confirmation via the AskUserQuestion tool.
Audit Metadata