openspec-archive-change
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local CLI commands via the `openspec` tool to list, check status, and sync project specifications. It also uses shell commands like `mkdir` and `mv` to manage the directory structure of the changes.
- [PROMPT_INJECTION]: The skill includes positive guardrails requiring the agent to use the `AskUserQuestion` tool to let the user select changes, explicitly forbidding the agent from guessing or auto-selecting inputs.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by reading and processing external data from `tasks.md` and delta specification files to determine the workflow state.
  * Ingestion points: reads `tasks.md` and directory contents in `openspec/changes/<name>/specs/`.
  * Boundary markers: None; the skill reads file content directly to identify task completion markers and compare specification text.
  * Capability inventory: File system manipulation (`mkdir`, `mv`), subagent invocation, and local CLI execution (`openspec`).
  * Sanitization: No explicit sanitization or filtering of the content retrieved from `tasks.md` or specification files is performed before the agent evaluates the state.