Skills
skills/saadshahd/moo.md/openspec-archive-change/Gen Agent Trust Hub

openspec-archive-change

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands (mkdir, mv) and uses the openspec CLI to manage files and directories within local project paths.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the processing of external data.
  • Ingestion points: Reads tasks.md and parses JSON output from openspec list and openspec status commands.
  • Boundary markers: Absent; no delimiters or ignore-instructions are used when processing external content.
  • Capability inventory: Filesystem operations (mkdir, mv) and subagent invocation for additional tasks.
  • Sanitization: Absent; the skill does not explicitly validate or filter content from files or tool outputs before it is used to influence agent logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 06:00 AM