Skills
skills/yankeguo/weavmail/openspec-sync-specs/Gen Agent Trust Hub

openspec-sync-specs

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the openspec list --json command to retrieve data about available changes. This is a legitimate use of a local CLI tool required by the skill.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and interprets natural language instructions (intent) from delta specification files (openspec/changes//specs/*/spec.md).
  • Ingestion points: Reads content from markdown files at openspec/changes//specs/*/spec.md.
  • Boundary markers: No explicit markers or ignore-instructions are used; the agent is told to read the spec to understand the intended changes.
  • Capability inventory: Includes the ability to read and write files within the project directory and execute the openspec CLI.
  • Sanitization: There is no validation or sanitization of the input markdown files before the agent processes them.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 07:21 AM