Skills
skills/finger-gun/sisu/openspec-archive-change/Gen Agent Trust Hub

openspec-archive-change

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill interpolates the <name> variable directly into shell commands in Step 2 (openspec status --change "<name>") and Step 5 (mv openspec/changes/<name> ...). If the change name contains shell-active characters like semicolons or pipes, it could lead to unintended command execution.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection in Step 3 when processing external data.
  • Ingestion points: Reads and parses the content of the tasks.md file.
  • Boundary markers: None identified; the agent parses the markdown file directly without delimiters or instruction protection.
  • Capability inventory: The agent can execute shell commands (mkdir, mv, openspec) and write to the file system.
  • Sanitization: No escaping or validation is performed on the content of tasks.md or the interpolated change name before execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 27, 2026, 07:41 AM