The Agent Skills Directory

[SAFE]: The skill instructions focus on strategic analysis and documentation (ADRs and strategic briefs). All identified behaviors are consistent with its stated purpose as an AI co-founder and growth architect.
[COMMAND_EXECUTION]: The skill uses the Bash tool to perform directory listings (ls) for discovering previous analyses. This is a legitimate use of the tool for maintaining project context across sessions and follows the allowed-tools configuration defined in the frontmatter.
[DATA_EXFILTRATION]: No network operations or external data transmission patterns were identified. The skill operates locally within the resolved {output_dir} and integrates with other local skills like obsidian and sprint-forge through standard invocation patterns.
[PROMPT_INJECTION]: The skill includes strong instructional rules (e.g., 'RULE 1 — STRATEGY BEFORE EXECUTION') to guide the agent's behavior. These are benign and intended to ensure the agent adheres to its specific role rather than attempting to bypass safety filters or ignore system instructions.
[INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data by reading previously generated analysis files from the {output_dir}. While this represents a potential attack surface for indirect prompt injection if those files were maliciously modified, it is a standard design pattern for context-aware agents.
Ingestion points: Files located in {output_dir}/analysis/*.md and {output_dir}/adr/*.md (referenced in assets/modes/ANALYZE.md).
Boundary markers: None explicitly defined in the loading instructions.
Capability inventory: The skill has Write, Read, and Bash capabilities used for file management.
Sanitization: No specific sanitization or filtering is applied to the content of the read files; however, the impact is limited to the strategic advice provided by the agent.

growth-architect