openspec-archive-change
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill utilizes shell commands including 'mkdir -p' and 'mv' to modify the local filesystem. These operations are performed based on data retrieved from local files and CLI outputs.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill explicitly requires the 'openspec CLI' to function. This dependency is not hosted in a recognized trusted repository and its source code is not provided for verification.
- [DATA_EXPOSURE] (LOW): The skill reads local files such as 'tasks.md' and traverses directories within the 'openspec/' path to determine project status.
- [PROMPT_INJECTION] (LOW): While the skill uses imperative language like 'MUST' and 'IMPORTANT', these are correctly applied to ensure the agent asks for user confirmation and does not make autonomous decisions.
Audit Metadata