The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes scripts/check-prerequisites.sh to resolve feature paths and validate the environment. This script uses a relative path to reference a script in a sibling directory (../../spec-kit/scripts/check-prerequisites.sh), which is standard for tools within the Spec Kit ecosystem.
[EXTERNAL_DOWNLOADS]: The skill references the github/spec-kit repository on GitHub for documentation purposes. This is an informational reference to a well-known service.
[DATA_EXFILTRATION]: The skill accesses local project files including spec.md and plan.md to extract requirement context. This access is limited to the active project workspace and intended for checklist generation.
[PROMPT_INJECTION]: The skill ingests untrusted data from specification files to generate checklists, presenting an attack surface for indirect prompt injection. Ingestion points: spec.md, plan.md, and tasks.md (identified in SKILL.md Step 2). Boundary markers: None specified in instructions. Capability inventory: File system write access to the feature checklists directory and shell execution of local path-checking scripts. Sanitization: No explicit sanitization or filtering of input requirement text is described. The risk is mitigated by the specific nature of the output task (generating checklists) and the lack of network exfiltration capabilities in the core logic.

spec-kit-checklist