openspec-install

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's runtime installation commands fetch and install/execute remote code from the OpenSpec repository (e.g., https://github.com/Fission-AI/OpenSpec and the npm package @fission-ai/openspec via npm install -g @fission-ai/openspec@latest / nix run github:Fission-AI/OpenSpec), which are required dependencies and will execute remote code when run.