The Agent Skills Directory

[COMMAND_EXECUTION] (LOW): The skill uses templates in templates/issue-creation.md to construct and execute shell commands (e.g., bd create). It interpolates task descriptions and categories directly from local files (tasks.md) without escaping characters. A malicious project file could use shell metacharacters to execute unauthorized commands.
[PROMPT_INJECTION] (LOW): Vulnerable to indirect prompt injection (Category 8). The skill is instructed to read and 'understand' untrusted content from openspec/changes/ to drive its logic. 1. Ingestion points: tasks.md, proposal.md, spec.md, and design.md. 2. Boundary markers: Absent. 3. Capability inventory: Full access to bd (issue tracking) and openspec CLI tools. 4. Sanitization: Absent; the agent is directed to bridge gaps 'intelligently' without specific safety filters for ingested content.

openspec-to-beads