openspec-bulk-archive-change
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill constructs and executes shell commands such as
mvandopenspec statususing variables derived from directory names on the local filesystem. There is no explicit sanitization for these variables, which could theoretically allow for command injection if a project contains maliciously named folders. - PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests and processes data from local files (
tasks.mdand specification files) to determine conflict resolution and archive logic. Ingestion points: File content fromopenspec/changes/<name>/tasks.mdand thespecs/directory. Boundary markers: Absent; the skill does not use delimiters to separate ingested data from its own instructions. Capability inventory: File system manipulation (mv,mkdir) and external CLI execution (openspec). Sanitization: Absent; no escaping or filtering of ingested content is specified. - EXTERNAL_DOWNLOADS (SAFE): The skill requires an external dependency (
openspecCLI) but does not attempt to download or execute code from untrusted remote sources at runtime.
Audit Metadata