openspec-onboard

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to interact with the local environment. It runs openspec status to check initialization, git log to analyze recent activity, and various openspec subcommands (new, instructions, archive) to manage the workflow. These are standard operations for a developer tool and are scoped to the project directory.
  • [PROMPT_INJECTION]: The skill implements a codebase scanning feature that looks for string patterns like TODO, FIXME, and HACK. While this involves reading untrusted content from the codebase into the agent's context (Indirect Prompt Injection surface), the scope is limited to the user's own repository, and the ingested data is used solely to provide suggestions for tasks to work on during the tutorial.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 12:09 AM