openspec-to-td

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill generates and executes shell commands using the td (and occasionally bd) CLI tools to create issues, manage work sessions, and set dependencies.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It reads content from openspec/changes/ (including proposal.md, tasks.md, and spec.md) and uses this data to populate parameters in shell commands.
      • Ingestion points: Processes untrusted data from multiple files within the openspec/changes/ directory including proposal, task, and spec Markdown files.
      • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within the processed files are provided to the agent.
      • Capability inventory: The skill possesses the ability to create and modify data via the td CLI tool, which could be exploited to run unintended commands if input is not handled correctly.
      • Sanitization: The skill lacks explicit instructions or logic for sanitizing or escaping shell metacharacters from the file content before interpolation into command templates.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 11:29 PM