openspec-sync-specs

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the openspec list --json command. This is a vendor-specific CLI tool used to retrieve metadata required for the synchronization process. This is a standard operation within the intended use-case of the skill.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from external specification files to determine how to edit other files.
      • Ingestion points: Reads delta specification content from files located at openspec/changes/<name>/specs/*/spec.md.
      • Boundary markers: Absent; the agent is instructed to interpret Markdown headers (e.g., ## ADDED Requirements) without explicit delimiters or warnings to ignore instructions within those sections.
      • Capability inventory: The skill has the capability to read from and write to the local filesystem (specifically .md files in the openspec/ directory) and execute the openspec CLI.
      • Sanitization: No sanitization is performed on the input file content before it is processed by the agent; the skill relies on the user to select the appropriate 'change' to sync.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 27, 2026, 07:41 AM