The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The framework references the claude-flow package for execution via npx. This package is the core component of the methodology and is maintained by the vendor (ruvnet).
[COMMAND_EXECUTION]: The methodology provides specific commands for executing various development modes and agent orchestration tasks using the claude-flow CLI and MCP tools.
[PROMPT_INJECTION]: The researcher, reviewer, and analyzer modes ingest untrusted data from external sources, presenting a surface for indirect prompt injection. 1. Ingestion points: Data is ingested via researcher (web search results), reviewer (pull request and source code analysis), and analyzer (dependency and static code analysis). 2. Boundary markers: The documentation does not specify the use of delimiters or clear instructions to the agent to ignore embedded commands within the ingested data. 3. Capability inventory: The framework has extensive capabilities, including the ability to write and refactor files (coder), execute shell commands (sparc_mode), and perform network operations (researcher). 4. Sanitization: There is no description of sanitization, filtering, or validation of external content before it is processed by the orchestration agents.

sparc-methodology