openspec-sync-specs
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
openspec list --jsonto identify available specification changes. This is a legitimate use of the required CLI tool for the skill's primary functionality. - [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection as it processes and interprets instructions from external markdown files. • Ingestion points: Reads delta specification files located at
openspec/changes/<name>/specs/*/spec.md. • Boundary markers: No specific delimiters or instructions to ignore embedded instructions are present in the processing logic. • Capability inventory: The agent has the ability to run theopenspecCLI and perform file write operations to theopenspec/specs/directory. • Sanitization: There is no explicit content validation or sanitization mentioned for the markdown data before the agent processes it to apply 'intelligent merging' logic.
Audit Metadata