The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing potentially untrusted data to generate project files.
Ingestion points: Untrusted data enters the context through user input (interpolated via the '$ARGUMENTS' placeholder in 'assets/spec-template.md') and existing repository files such as 'memory/constitution.md'.
Boundary markers: Absent. The workflow does not specify the use of delimiters or instructions to ignore embedded commands within ingested content.
Capability inventory: The skill has the capability to write and modify multiple markdown files within the target repository, including the project constitution and various implementation templates.
Sanitization: Absent. There is no evidence of content validation or escaping before data is written to the file system.
[EXTERNAL_DOWNLOADS]: The skill references an external resource for workflow documentation.
Evidence: The 'SKILL.md' file references 'https://github.com/github/spec-kit/blob/9111699cd27879e3e6301651a03e502ecb6dd65d/templates/commands/constitution.md'. This reference targets a well-known service and is used for documentation purposes.

spec-kit-constitution