The Agent Skills Directory

[SAFE]: The skill's functionality is entirely consistent with its described purpose as a Goal Oriented Development framework. It manages local files, git branches, and Pull Requests using standard development tools.
[PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted data from external sources during the specification and implementation phases.
Ingestion points: sub-skills/spec/SKILL.md reads Jira issue descriptions and comments via the Atlassian MCP. sub-skills/code-like-me/SKILL.md reads data from Jira and Figma designs via their respective MCPs.
Boundary markers: The skill uses markdown headers (e.g., ## Input bruto) and structured templates to compartmentalize external data, but it lacks explicit instructions to the AI to disregard commands embedded within that content.
Capability inventory: the agent has access to Bash (executing git, gh, and local python scripts), Agent (spawning sub-agents), and Write/Edit (modifying the codebase and configuration files).
Sanitization: No dedicated sanitization or content filtering of external input was observed before processing.
[COMMAND_EXECUTION]: The framework uses the Bash tool to execute git and gh (GitHub CLI) commands and to run local Python helper scripts found in the sub-skills/_lib/ directory. Arguments for these commands are sourced from internal state files (status.md) or validated configuration. The Python helper scripts use subprocess.run with list-based arguments, which inherently prevents shell-level command injection.

god