cflx-workflow (skills/tumf/cflx-skills/cflx-workflow) audit by Gen Agent Trust Hub

cflx-workflow

Verdict: Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill makes extensive use of the command npx @fission-ai/openspec@latest in its operational steps as documented in cflx-apply.md and cflx-archive.md. This command downloads and executes external code from the NPM registry at runtime. The organization @fission-ai is not a trusted vendor and is not associated with the skill author 'tumf'.
  • [EXTERNAL_DOWNLOADS]: Operational instructions and reference files recommend using npx to fetch and run tools or updates from the public @fission-ai repository at runtime.
  • [PROMPT_INJECTION]: The skill is explicitly configured to bypass human-in-the-loop safety measures. Instructions such as 'CRITICAL: This skill CANNOT ask questions', 'NO QUESTIONS', and 'All decisions must be made autonomously' prevent the agent from seeking clarification if it encounters ambiguous or malicious instructions within its context.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its automated ingestion of external markdown files without validation.
    • Ingestion points: Files located at openspec/changes/<change-id>/proposal.md, design.md, and tasks.md are read and followed as instructions for implementation.
    • Boundary markers: There are no markers or system instructions provided to differentiate between the skill's hardcoded instructions and untrusted content within the change proposal files.
    • Capability inventory: The skill has the capability to modify files, execute shell commands, run local scripts, and invoke the npx package manager.
    • Sanitization: Content from the proposal files is not sanitized or validated before being interpreted as a task sequence by the agent.
  • [COMMAND_EXECUTION]: The skill executes local Python logic via scripts/cflx.py and utilizes shell commands like git status to manage the local workspace and verify implementation states.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 9, 2026, 03:25 AM