openspec-archive-change
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands (`mkdir` and `mv`) with variable interpolation for change names and dates. If these variables contain shell metacharacters, it could lead to command injection if the underlying agent does not properly escape inputs.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by ingesting and processing content from external sources.
  - Ingestion points: The skill reads the `tasks.md` file and processes JSON output from the `openspec` CLI tools.
  - Boundary markers: Absent. There are no specific delimiters or instructions for the agent to ignore potentially malicious content within the ingested files.
  - Capability inventory: The skill has the ability to execute filesystem operations (`mkdir`, `mv`) and run CLI tools.
  - Sanitization: Absent. The skill does not describe any validation or sanitization steps for the data retrieved from `tasks.md` or CLI outputs before displaying summaries or warnings.
Audit Metadata