openspec-sync-specs

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the openspec CLI tool to list available changes. This is local execution of a utility associated with the skill author, used to retrieve system state.
  • [PROMPT_INJECTION]: The skill processes external delta specification files, which introduces a surface for indirect prompt injection.
      • Ingestion points: Data is read from files at openspec/changes/<name>/specs/*/spec.md.
      • Boundary markers: The instructions do not define specific delimiters to isolate the untrusted data from the agent's instructions.
      • Capability inventory: The agent can modify local files in the openspec/specs/ directory and execute the openspec CLI.
      • Sanitization: The skill lacks explicit sanitization or validation of the input markdown before applying changes to main specifications. The 'read-before-write' instruction provides a functional check but does not fully mitigate adversarial content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 08:44 PM