The Agent Skills Directory

[SAFE]: The skill performs environment detection using standard system commands such as git, ls, and find. These operations are used to identify the package manager, container tools, and branch strategy of the local repository.
[COMMAND_EXECUTION]: The skill utilizes git and the GitHub CLI (gh) to retrieve repository information (branches, issues) and manage the development workflow (creating pull requests). These commands are executed within the context of the user's project and target well-known, trusted services (GitHub).
[DATA_EXFILTRATION]: No sensitive data exposure was detected. Network operations are limited to interaction with the project's own Git remote and GitHub API. No access to sensitive files like .env, SSH keys, or cloud credentials was observed.
[PROMPT_INJECTION]: Detailed inspection of the main instructions and all 14 template files (Markdown and TOML) confirmed the absence of prompt injection patterns. There are no attempts to bypass safety filters or override agent constraints.
[EXTERNAL_DOWNLOADS]: The skill does not perform any external downloads or execute remote scripts. All workflow and agent templates are stored locally within the skill's references/ directory.

spec-workflow-init