openspec-sdd-guide

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the openspec CLI to manage the development lifecycle through commands like openspec new, openspec status, and openspec archive. These are structured calls to a local utility for project state management and do not exhibit signs of command injection or malicious intent.
  • [PROMPT_INJECTION]: No malicious prompt injection or safety bypass instructions were detected. The skill uses strong language (e.g., "Iron Laws") to enforce a specific technical methodology (prioritizing documentation over coding), which is a benign instructional constraint.
  • [DATA_EXFILTRATION]: There are no network operations, such as curl or wget to external domains, or patterns suggesting the unauthorized transmission of data. The skill focuses on reading and writing local project files within the openspec/ directory.
  • [EXTERNAL_DOWNLOADS]: While the skill requires the openspec CLI tool, it does not attempt to download, install, or execute remote scripts at runtime from untrusted sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 01:53 AM