speckit-orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through the ingestion of user-controlled repository artifacts.
  - Ingestion points: The orchestrator reads and interprets content from spec.md, plan.md, tasks.md, and .specify/memory/constitution.md during workflow phases.
  - Boundary markers: The skill lacks explicit delimiters or instructions to isolate user-provided text from agent instructions within these artifacts.
  - Capability inventory: It orchestrates high-capability implementation skills such as superpowers:executing-plans and coordinates the execution of local automation scripts.
  - Sanitization: There is no evidence of content sanitization or instruction filtering in the orchestration modules to prevent malicious instructions embedded in artifacts from being followed.