skills/rpamis/comet/comet-archive/Gen Agent Trust Hub

comet-archive

Pass

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local bash scripts to transition project states and synchronize files. It dynamically locates its environment configuration script ('comet-env.sh') within local user directories (e.g., '.config', '.gemini') to define its operational context.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes and moves local specification and design documents which could contain untrusted data.
      • Ingestion points: Specification files, plan documents, and design docs located in the 'openspec/changes/' directory.
      • Boundary markers: None are explicitly defined in the skill instructions to separate document content from agent instructions.
      • Capability inventory: The skill possesses shell execution capabilities ('bash') and file system modification permissions (move, write/overwrite).
      • Sanitization: No content validation, escaping, or filtering of the processed files is described in the skill instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 29, 2026, 11:23 AM