openspec-sync-specs
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the
openspecCLI tool (e.g.,openspec list --json) to retrieve and manage specification changes on the local system.\n- [PROMPT_INJECTION]: An indirect prompt injection surface exists because the agent processes and merges content from external delta specification files.\n - Ingestion points: The agent reads delta specs from
openspec/changes/<name>/specs/*/spec.mdand main specs fromopenspec/specs/<capability>/spec.md.\n - Boundary markers: The agent relies on standard Markdown headers (e.g.,
## ADDED Requirements) for parsing, but there are no explicit delimiters or instructions provided to the agent to ignore potentially malicious instructions embedded within the requirement text.\n - Capability inventory: The agent has permissions to read, create, and modify markdown files within the
openspec/directory and execute the localopenspecCLI tool.\n - Sanitization: No sanitization or data validation is performed on the content of the delta specs before it is merged into the main specification files.
Audit Metadata