openspec-archive-change

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands including mkdir and mv to manage directory structures and archives. It also invokes the openspec CLI tool to retrieve project metadata and status information. These operations are scoped to the project's openspec/ directory.
  • [EXTERNAL_DOWNLOADS]: The skill relies on the presence of the openspec CLI as an external dependency to perform its core functions, such as listing active changes and checking artifact completion.
  • [PROMPT_INJECTION]: The skill processes content from local files like tasks.md and the output of the openspec status command, which presents an indirect prompt injection surface.
      • Ingestion points: Data is ingested from the tasks.md file and the JSON output of the openspec status command.
      • Boundary markers: The instructions do not define specific boundary markers or delimiters for the ingested content.
      • Capability inventory: The skill has the capability to create directories, move files, and execute specific CLI commands.
      • Sanitization: No explicit sanitization of the ingested data is specified, although the skill's logic is primarily focused on checking status flags and counting markers rather than executing or rendering natural language content.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 08:50 AM