openspec-sync
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests delta specs from the openspec/changes/ directory, which acts as an ingestion point for untrusted data. Malicious instructions embedded within these specs could potentially influence agent behavior during the merge or in subsequent tasks. 1. Ingestion points: Files within openspec/changes//specs/ 2. Boundary markers: Absent; no delimiters or instructions to ignore embedded content are defined 3. Capability inventory: The skill modifies files in the openspec/specs/ directory 4. Sanitization: No content validation or sanitization of the input specs is described.
Audit Metadata