openspec-initial
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run the
openspec initcommand with various flags like--toolsand--force. This behavior is the primary intended function for project initialization and does not appear to involve unauthorized command execution. - [EXTERNAL_DOWNLOADS]: The skill references documentation and tool lists hosted on GitHub (
github.com/Fission-AI/OpenSpec). These are informational links and do not involve the automated download or execution of remote code.
Audit Metadata