The Agent Skills Directory

[SAFE]: Extensive review of the 54 files, including core scripts (init-workflow.sh, advance-stage.sh) and library utilities (yaml-utils.sh, hooks-utils.sh), shows no evidence of malicious behavior. The skill operates entirely within the project's filesystem, primarily inside a .trae directory.
[COMMAND_EXECUTION]: The skill executes local bash scripts to transition through development stages. These scripts perform routine file system operations, such as creating directories for workflow artifacts and updating YAML state files using standard tools like grep and sed. No arbitrary command execution from untrusted sources was detected.
[DATA_EXFILTRATION]: There are no network operations (curl, wget, etc.) in the provided scripts that target external domains. The generation of reports and management of requirement specifications are handled locally.
[PROMPT_INJECTION]: The skill utilizes 'agents' which are instructional markdown files (e.g., problem-definer.md, risk-auditor.md). These provide role-based guidance to the AI and do not contain instructions to bypass safety filters or ignore previous constraints.
[REMOTE_CODE_EXECUTION]: The skill does not download external scripts or packages. It relies on its own distributed script library and templates.

requirement-workflow