Skills
NYC
skills/smithery/ai/openspec-archive-change/Gen Agent Trust Hub

openspec-archive-change

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill executes shell commands mkdir and mv by interpolating the <name> variable. Because this variable is derived from user input or external listings without sanitization, an attacker can provide a name containing shell metacharacters (e.g., ; rm -rf /) to execute arbitrary commands.
  • [REMOTE_CODE_EXECUTION] (HIGH): The command injection vulnerability in the shell execution step allows for arbitrary code execution on the host machine.
  • [PROMPT_INJECTION] (MEDIUM): Category 8: Indirect Prompt Injection. The skill processes untrusted local data. Ingestion points: tasks.md and openspec/changes/<name>/specs/. Boundary markers: None. Capability inventory: File system modification (mv, mkdir) and CLI execution. Sanitization: None. Malicious content in these files could influence agent behavior or decision-making during the archiving process.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the openspec CLI, which is an external dependency from a source not included in the trusted list.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:46 AM