openspec-archive-change

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill instructs the agent to execute shell commands and a CLI tool using potentially unsanitized variables.
      • Evidence: Step 2 uses openspec status --change "<name>" --json and Step 5 uses mv openspec/changes/<name> openspec/changes/archive/YYYY-MM-DD-<name>.
      • Risk: If the agent does not properly escape the <name> variable, a malicious change name could lead to command injection or path traversal outside the intended directory.
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface detected (Category 8).
      • Ingestion points: The skill reads tasks.md (Step 3) and parses JSON output from openspec status (Step 2).
      • Boundary markers: Absent. The instructions do not specify delimiters or warnings to ignore instructions embedded within the files being read.
      • Capability inventory: File system modification (mkdir, mv), CLI execution (openspec), and delegation to other skills (openspec-sync-specs).
      • Sanitization: Absent. The skill does not instruct the agent to sanitize or validate the content of tasks.md or CLI outputs before processing.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Feb 22, 2026, 05:40 AM