openspec-bulk-archive-change

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs several shell and CLI operations to manage the project state.
      • Evidence: Executes openspec list, openspec status, and openspec sync-specs to interact with the project data (SKILL.md).
      • Evidence: Uses shell commands mkdir -p and mv to restructure the file system during the archiving process (SKILL.md).
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content from project files to drive its logic (Category 8).
      • Ingestion points: The agent reads data from openspec/changes/<name>/tasks.md and requirement lines from markdown files in openspec/changes/<name>/specs/ (SKILL.md).
      • Boundary markers: There are no explicit instructions to use delimiters or ignore embedded instructions when reading these external files.
      • Capability inventory: The agent can move files, create directories, and perform "intelligent merges" of specifications based on the data it reads (SKILL.md).
      • Sanitization: The instructions do not specify any validation or sanitization steps for the data retrieved from the specification files before it is used to resolve conflicts.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 2, 2026, 12:09 AM