openspec-workflow
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns such as credential theft, obfuscation, or remote code execution were detected. The skill uses standard tooling and local commands to perform repository management tasks.
- [COMMAND_EXECUTION]: The skill instructs the agent to use
uv run wagentsfor various tasks including environment diagnosis (doctor), status reporting, and artifact validation. These operations are consistent with the skill's stated purpose of managing a development workflow. - [EXTERNAL_DOWNLOADS]: The skill mentions the use of 'uv' and 'Node.js', which are standard development environment dependencies. It does not perform unauthorized external downloads or execute remote scripts.
Audit Metadata