openspec-archive-change

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands such as mkdir and mv using a <name> variable derived from user input or inferred from the conversation context. This presents a potential risk of command injection or path traversal if the input contains shell metacharacters (e.g., ;, &) or directory traversal patterns (e.g., ../). Although the instructions suggest prompting the user for selection, the allowance for 'inferred' names could be exploited if not properly sanitized by the agent.
  • [PROMPT_INJECTION]: There is an indirect prompt injection surface as the skill reads content from tasks.md and local delta specification files and includes summaries of this content in prompts for a subagent.
      • Ingestion points: Reads data from tasks.md, openspec/changes/<name>/specs/, and openspec status --json output.
      • Boundary markers: Absent; the skill interpolates analyzed data directly into the Task tool prompt for the subagent.
      • Capability inventory: File system modification (mkdir, mv), execution of the openspec CLI, and invocation of general-purpose subagents.
      • Sanitization: No explicit validation or escaping is performed on the content of the files or the inferred change names before they are processed or passed to other tools.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 09:42 PM