openspec-archive-change

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands (mkdir -p, mv) and CLI tools (openspec list, openspec status) using the <name> variable. While the instructions emphasize user selection from a list, the initial prompt allows for manual entry, which could lead to command injection if input is not properly sanitized.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by ingesting data from external sources without explicit boundary markers.
      • Ingestion points: Reads content from tasks.md and parses JSON output from openspec list --json and openspec status --json.
      • Boundary markers: None identified in the instructions for parsing files or tool outputs.
      • Capability inventory: Executes shell commands (mkdir, mv) and interacts with the file system (openspec/changes/).
      • Sanitization: No sanitization or validation of the content read from tasks.md or the CLI output is specified before logic processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 2, 2026, 12:09 AM