requirements-analyzer

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE, NO_CODE
Full Analysis
  • [SAFE]: The skill's behavior is consistent with its stated purpose of analyzing requirements and generating a markdown blueprint. No malicious patterns, obfuscation, or persistence mechanisms were detected.
  • [NO_CODE]: This skill consists of natural language instructions and configuration without any embedded scripts or executable binaries, significantly reducing the attack surface.
  • [DATA_EXFILTRATION]: Although the skill has access to local files via the 'Read' and 'Write' tools, it lacks any network-capable tools or instructions to send data externally. Access is limited to project documentation and blueprint creation.
  • [PROMPT_INJECTION]: The skill is potentially vulnerable to indirect prompt injection because it ingests untrusted external data (PRDs and DDD outputs). However, the risk is mitigated as the skill only outputs a structured markdown file and does not execute commands based on the ingested content.
    • Ingestion points: Processes contents from 'requirements.md', 'event-storming.md', 'screen-inventory.md', and PRD/planning documents.
    • Boundary markers: Absent; the skill does not use specific delimiters to isolate untrusted content in its output.
    • Capability inventory: 'Read' and 'Write' tools are used for local file operations.
    • Sanitization: No explicit sanitization or validation is applied to the data extracted from external documents.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 12:21 PM