pm-refine

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands like git status and git branch -a to validate the state of the repository and ensure no conflicts exist before creating new branch suggestions or specification files.
  • [PROMPT_INJECTION]: The skill processes untrusted data from user inputs, Figma designs, and Jira tickets which creates a surface for indirect prompt injection.
    • Ingestion points: External data is ingested from user requests in SKILL.md, Figma designs via the Figma MCP in Step 4, and existing Jira ticket descriptions in Refine Mode.
    • Boundary markers: The instructions for sub-agents in agents/qa-planner-agent.md and agents/refinement-agent.md use placeholders such as {ACCEPTANCE_CRITERIA} and {FEATURE_DESCRIPTION} without explicit delimiters or instructions to ignore embedded commands within the data.
    • Capability inventory: The skill can write files to the local repository (enggenie/spec_[slug].md) and create or update Jira tickets using the Jira MCP.
    • Sanitization: No explicit sanitization or filtering logic is defined for the content before it is interpolated into the prompts.
  • [SAFE]: The skill includes strong human-in-the-loop controls, requiring explicit user confirmation before creating Jira tickets (Step 6) and before saving the finalized specification to the filesystem (Exit Action).
  • [SAFE]: No obfuscation, hardcoded credentials, or unauthorized network communication were found. All external integrations (Jira, Figma) are handled through standard model context protocol (MCP) interfaces.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 11:31 AM