roadmap-recommend
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the node command to run a local script (spec-driven.js) for initializing project structures, checking roadmap status, and scaffolding new change proposals.
- [DATA_EXPOSURE]: The agent reads local configuration and roadmap files (e.g., .spec-driven/config.yaml, .spec-driven/roadmap/INDEX.md) to provide context-aware recommendations. This access is restricted to the project root and expected for the skill's functionality.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from project files (roadmap, milestones) which could contain embedded instructions. Risk is mitigated by the 'proposal checkpoint' rule, which enforces explicit user confirmation before scaffolding or artifact creation.
Audit Metadata