openspec-archive-change
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands (`mkdir`, `mv`) using a variable `<name>` (Step 5). While the instructions mandate user selection from a list, any failure to sanitize this input could allow for shell command injection if an attacker can control the change name stored in the system.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by reading and parsing external data from local files.
  - Ingestion points: Reads `tasks.md` (Step 3) and delta specification files in `openspec/changes/<name>/specs/` (Step 4).
  - Boundary markers: None identified; the skill directly processes the file content to count tasks and analyze diffs.
  - Capability inventory: Performs file system operations (`mkdir`, `mv`) and invokes other skills via a subagent (Step 4, 5).
  - Sanitization: No evidence of sanitization or escaping for the content read from the tasks or specification files before it is used to generate summaries or warnings for the user.
Audit Metadata