roadmap-sync

Warn

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill defines commands that run 'node {{SKILL_DIR}}/scripts/spec-driven.js'. A 'scripts' file in the skill directory contains the relative path '../../dist/scripts', which causes the agent to look for and execute code from a directory outside the skill's encapsulated folder. This dynamic loading from a relative path can result in the execution of unintended or unverified scripts.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes data from the project repository to determine its actions.
      1. Ingestion points: .spec-driven/config.yaml, .spec-driven/roadmap/INDEX.md, and milestone markdown files.
      2. Boundary markers: None.
      3. Capability inventory: Subprocess execution via node.
      4. Sanitization: None.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Apr 12, 2026, 01:18 PM