openspec-workitem-enrichment
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell and PowerShell scripts (such as scripts/fetch-work-item-context.sh and scripts/fetch-work-item-context.ps1) to automate interactions with the Azure CLI (az) and git.
- [DATA_EXFILTRATION]: The skill reads work item information from Azure DevOps (via az boards) and repository metadata (via git remote). This data is accessed locally to provide context for specification creation and is not transmitted to unauthorized external endpoints.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests untrusted data from Azure DevOps work items.
  - Ingestion points: Data is retrieved from work item fields and comments in scripts/fetch-work-item-context.sh and scripts/fetch-work-item-context.ps1.
  - Boundary markers: The output uses Markdown headers to structure the data, but does not include explicit instructions to the AI to ignore commands found within the work item text.
  - Capability inventory: The skill utilizes scripts that execute shell commands and perform network operations via the Azure CLI.
  - Sanitization: The scripts include logic to strip HTML tags and decode HTML entities from the work item fields to clean the text before processing.
Audit Metadata