spec-init
Audited by Socket on Mar 3, 2026
1 alert found:
Obfuscated File
The spec is primarily benign scaffolding with appropriate idempotence and clear file templates. The dominant security concern is the optional npx-based skills installation and the practice of placing third-party skills into an auto-loaded directory without enforced vetting. That pattern introduces a significant supply-chain and runtime-trust risk: remote code can run during install or later when skills are loaded by agents. No direct malicious code is present in the spec itself, but the workflow it prescribes can enable malicious outcomes if the installed skills are compromised or unvetted. Recommendation: treat the npx install as high-risk, pin and artifact-verify installs, prompt for manual review, and recommend install isolation.