The Agent Skills Directory

[SAFE]: The skill establishes a robust and disciplined development framework that prioritizes planning, documentation, and testing. It includes proactive security instructions, such as the explicit prohibition of hardcoded secrets and the requirement to validate and sanitize all external inputs.
[NO_CODE]: The skill is composed entirely of instructional Markdown files. It does not contain any executable scripts, binaries, or active code components, significantly reducing its attack surface.
[PROMPT_INJECTION]: The instructions do not contain any patterns intended to override agent safety guidelines, bypass content filters, or extract system prompts. It uses natural instructional language to guide the agent through its intended coding workflow.
[EXTERNAL_DOWNLOADS]: While the skill mentions the use of package managers like uv, npm, and yarn for project management, it does not include any hardcoded URLs to untrusted sources or automated remote script execution patterns (e.g., curl | bash).
[DATA_EXFILTRATION]: No patterns of unauthorized data access or network exfiltration were found. The skill does not target sensitive system files and includes rules against environment-specific hardcoding.
[COMMAND_EXECUTION]: The use of CLI tools like git and uv is restricted to standard software development workflows. The skill's design includes multiple planning phases and an optional interactive mode to ensure that actions are deliberate and reviewed by the user.

spec-coding-skill