sparc-methodology
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
Risk categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill documentation (SKILL.md) uses authoritative directives and 'Iron Laws' (e.g., 'NEVER write implementation code before...', 'MANDATORY Memory Protocol') designed to override default agent behaviors. The activation command in commands/sparc-methodology.md explicitly instructs the agent to 'follow it exactly as presented'.
- [REMOTE_CODE_EXECUTION]: The methodology relies on the 'npx claude-flow' command, which downloads and executes code from the NPM registry at runtime. This involves running unverifiable third-party code outside of the skill's distributed package.
- [COMMAND_EXECUTION]: The skill makes extensive use of powerful system tools including Bash, Write, and Edit. These are used to implement code, run tests, and manage the filesystem based on external task descriptions.
- [EXTERNAL_DOWNLOADS]: The skill documentation references and encourages the use of external resources from github.com/ruvnet/claude-flow and the claude-flow NPM package, which are not associated with trusted vendors.
- [DATA_EXFILTRATION]: The 'researcher' mode specifies the use of WebSearch and WebFetch tools to gather information. While intended for research, these tools allow the transmission of queries and potentially sensitive context to external web services.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface. (1) Ingestion points: Task descriptions and external code provided to 'modes' like reviewer, analyzer, and researcher via tool calls. (2) Boundary markers: No explicit delimiters or 'ignore embedded instructions' warnings are defined for the input data in the implementation templates. (3) Capability inventory: Includes Bash execution, filesystem modifications (Write/Edit), and network access (WebSearch). (4) Sanitization: No evidence of sanitization or validation of the ingested external content before processing by the agent.
Audit Metadata