openspec-sync-specs

Fail

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis

================================================================================

🔴 VERDICT: HIGH

This skill poses a HIGH risk primarily due to its reliance on an unverified external command-line interface (CLI) tool, openspec. The skill instructs the agent to execute commands from this tool, which, if malicious or compromised, could lead to arbitrary command execution on the system. Additionally, the skill processes user-provided content ('delta specs'), introducing a risk of indirect prompt injection.

Total Findings: 3

🔴 HIGH Findings:
• Unverified External CLI Execution

  • Line 17: The skill explicitly states 'Requires openspec CLI.' and instructs the agent to 'Run openspec list --json'. The openspec CLI is an external, unverified dependency. If this tool is malicious, instructing the agent to run its commands constitutes a direct command execution risk.

🔵 LOW Findings:
• Unverifiable External Dependency

  • Line 4: The skill declares 'compatibility: Requires openspec CLI.' The openspec CLI is an external dependency whose source and trustworthiness are not provided or verifiable within the skill's instructions. This introduces a dependency on potentially untrusted software.

ℹ️ INFO Findings:
• Indirect Prompt Injection Risk

  • Line 30: The skill processes user-provided 'delta specs' (markdown files) to 'understand the intended changes' and 'apply changes intelligently'. Malicious content within these delta specs could attempt to manipulate the agent's behavior, leading to unintended actions or information disclosure. This is an inherent risk when processing untrusted input.

================================================================================

Recommendations
  • AI detected serious security threats

Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 13, 2026, 01:47 AM