openspec-bulk-archive-change
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the openspec CLI to fetch change lists and statuses, and utilizes shell commands like mkdir and mv to archive directories. These operations are limited to the project's working directory and are consistent with the skill's purpose.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes content from external files (tasks, specs, and source code) to make logic decisions during conflict resolution.
- Ingestion points: reads openspec/changes//tasks.md, files in openspec/changes//specs/, and various codebase files.
- Boundary markers: Absent; no delimiters or instructions are used to distinguish project data from agent instructions.
- Capability inventory: performs file system operations (mkdir, mv) and executes CLI tools (openspec).
- Sanitization: Absent; no validation or escaping is applied to the content of ingested files before processing.
Audit Metadata