openspec-sync-specs
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the openspec list --json command to retrieve a list of available changes. This is a standard operation required for the skill to identify the files it needs to process.
- [SAFE]: The skill interacts with the local file system to read and write markdown files located within the openspec/ directory. These operations are confined to the project's specification directory and do not access sensitive system paths.
- [SAFE]: The skill processes external data from delta specification files to perform its merging logic. While this ingestion represents a surface for indirect instructions, the logic is constrained to text manipulation within the specification files.
- Ingestion points: Markdown files located in openspec/changes/<name>/specs/*/spec.md.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the prompt instructions.
- Capability inventory: The skill has capabilities to read/write local markdown files and execute the vendor-specific CLI tool.
- Sanitization: No specific sanitization or filtering of the content from the delta specs is performed before merging into the main specs.
Audit Metadata