OpenSpec Workflow

This skill is coherent as an automated spec-driven workflow, but several warning signs deserve attention before installing: - Metadata mismatch: The skill metadata declares no required binaries or credentials while the SKILL.md expects openspec, claude, gh, git, and an authenticated gh CLI — ask the publisher to update registry fields to reflect real requirements. - Permission-bypass flag: The guide explicitly runs Claude with --dangerously-skip-permissions and spawns subagents with full repo paths. That gives the implementer broad read/write access and can bypass platform safety checks — only run in repositories you fully control and audit first. - Credential scope: Limit tokens to least privilege (narrow GitHub repo scopes, avoid org-wide tokens). Prefer ephemeral tokens or require human approval for push/PR creation. - Audit repo for secrets: Before giving any subagent or external CLI access, scan the repo for secrets or sensitive files that could be exposed by an automated reviewer. - Operational controls: If you choose to use this skill, require interactive/human confirmation for commits and PR creation, or run in an isolated CI environment. Consider running claude and openspec in a sandbox/worktree instead of on your primary working copy. If the publisher cannot or will not correct the metadata to list required CLIs and credential needs, treat installation with extra caution or avoid installing into sensitive environments.