skills/cristoslc/swain/swain-design/Gen Agent Trust Hub

swain-design

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8). Data ingestion points include issue-integration.sh, which fetches content from GitHub using the gh CLI, and various scripts that read markdown files from the docs/ directory. The skill lacks explicit boundary markers or sanitization for external content interpolated into the agent context. Capability inventory includes filesystem modification (git mv, Write tools) and GitHub API interaction (gh issue comment), which could be leveraged if the agent follows malicious instructions embedded in GitHub issues or documentation artifacts.
  • [COMMAND_EXECUTION]: Multiple scripts, such as adr-check.sh, migrate-bugs.sh, and specwatch.sh, use uv run python3 to execute inline Python code for parsing markdown frontmatter and managing the artifact graph. These operations are performed locally on repository files and are associated with the skill's primary management tasks.
  • [EXTERNAL_DOWNLOADS]: The skill performs authenticated network operations to GitHub's API via the gh CLI to promote issues to specifications and synchronize transition status. Although this is interaction with a well-known service for its intended purpose, it transmits repository metadata to an external endpoint.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 06:28 PM