openspec-bulk-archive-change
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands including 'openspec', 'mkdir', and 'mv' to manage project files. These operations use variables derived from command output and the file system.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it reads and interprets data from local project files that could contain instructions.
- Ingestion points: Data is ingested from 'openspec list --json' output, 'openspec/changes//tasks.md', and delta spec files.
- Boundary markers: The skill does not implement boundary markers or instructions to ignore embedded commands within the files it processes.
- Capability inventory: The agent can execute shell commands ('openspec', 'mkdir', 'mv') and modify the local file system.
- Sanitization: No sanitization or validation of the content from the ingested files is performed before it is used to influence the agent's logic.
- [EXTERNAL_DOWNLOADS]: The skill requires the 'openspec' CLI dependency, which is a tool provided by the vendor (yankeguo).
Audit Metadata