openspec-sync-specs

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
[COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the openspec CLI utility using the command openspec list --json to retrieve a list of available changes. This is a core part of its intended functionality.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) as it reads and interprets markdown content from specification files to determine how to edit other files.
      • Ingestion points: Reads delta and main specification files located in openspec/changes/<name>/specs/ and openspec/specs/ respectively.
      • Boundary markers: None identified. The skill lacks instructions to treat the file content as untrusted data or delimiters to separate instructions from data.
      • Capability inventory: Includes the ability to read and write files within the openspec/ directory and execute the openspec CLI.
      • Sanitization: No validation or sanitization of the specification file content is performed before the agent interprets the 'intent' of the changes.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 22, 2026, 03:17 PM