functional-specification-document

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a Python script (scripts/validate_fsd.py) used for document validation.
      • Evidence: The script is invoked via python .agents/skills/functional-specification-document/scripts/validate_fsd.py as part of the output phase.
      • Analysis: Static analysis of the script confirms it is a linter that uses only standard Python libraries (re, pathlib, json, argparse) to analyze text files. It contains no network operations, privileged system calls, or dynamic code execution functions like eval() or exec().
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted user-provided documentation.
      • Ingestion points: SKILL.md (Phase 1) instructs the agent to read source documents such as PRDs or project briefs provided by the user.
      • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' warnings for the data ingested from user documents, allowing instructions embedded in those documents to potentially influence agent behavior.
      • Capability inventory: The skill has the capability to write Markdown files to the local filesystem and execute a local Python validation script.
      • Sanitization: The validate_fsd.py script provides a layer of sanitization by enforcing a 'No Code Blocks' rule on the output, which prevents the agent from emitting executable code that might have been injected via the source document.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 04:35 AM