openspec-sync-specs

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the openspec CLI tool to fetch change data via the command openspec list --json. This is an expected operation for a skill designed to interact with this specific CLI.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt-injection surface because it processes external markdown files (delta specs) to update the main specs.
      • Ingestion points: The agent reads files located at openspec/changes/<name>/specs/*/spec.md.
      • Boundary markers: Absent; the instructions do not specify the use of delimiters when reading the specification files.
      • Capability inventory: The skill is limited to reading and writing markdown files within the project directory and executing specific openspec CLI commands.
      • Sanitization: Absent; the content of the delta specs is merged into the main specifications by the agent without explicit sanitization steps.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 01:38 AM