openspec-sync-specs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection vulnerability surface.
- Ingestion points: The skill reads incremental specification files located at
openspec/changes/<name>/specs/*/spec.md. - Boundary markers: The instructions lack delimiters or warnings to treat the content of these files strictly as data rather than instructions.
- Capability inventory: The agent has the capability to read and write to the local filesystem within the
openspec/directory structure to perform the synchronization. - Sanitization: There is no sanitization or validation of the input markdown content. If an incremental specification file contains malicious instructions (e.g., instructing the agent to ignore the sync and perform other file operations), the agent might follow them due to the instruction to 'smartly apply changes' based on its judgment.
Audit Metadata