openspec-archive-change

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's functionality is consistent with its stated purpose of archiving project changes. It uses standard file management techniques and incorporates user interaction for decision-making.
  • [COMMAND_EXECUTION]: The skill executes local shell commands (mkdir -p, mv) and the openspec CLI to manage directories and move files. These operations are restricted to the local filesystem and are appropriate for an archival task.
  • [DATA_EXPOSURE]: The skill reads local files, including tasks.md and delta specifications, to evaluate completion status. This data is used within the agent's context to inform the user and does not involve accessing sensitive system credentials or configurations.
  • [PROMPT_INJECTION]: The skill processes potentially untrusted content from local files (e.g., the contents of tasks.md). The risk of indirect prompt injection is mitigated by explicit instructions for the agent to use the 'AskUserQuestion' tool to obtain user confirmation before proceeding with critical operations like syncing or archiving.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 01:38 AM
Security Audit — agent-trust-hub — openspec-archive-change