spec-oxide

The core `spox` binary is written in Rust, which inherently reduces risks associated with runtime code execution like `eval`. File system operations are generally scoped to the project directory. The `setup.sh` script does involve downloading and executing external tools (`uvx` for Serena) from GitHub, which is a common setup practice but relies on the integrity of the remote repositories. However, this is a user-initiated setup step, not a runtime vulnerability of the `spox` binary itself. Critically, the included agent instructions (`CLAUDE.md`, `spox-implementer.md`, `spox-verifier.md`, `spox-reviewer.md`, `propose.md`, `implement.md`, `archive.md`) contain extensive, explicit 'Guardrails' and 'Mandatory Rules' emphasizing 'Evidence before claims', prohibiting AI agents from performing write operations to Git, and enforcing test-driven development. These strong internal guardrails significantly enhance the safety when used with AI models by strictly controlling behavior and requiring explicit command execution for verification.