sdd-validate

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's core functionality relies on executing shell commands (e.g., sdd validate, sdd fix) that interpolate user-provided parameters like {spec-id}. This pattern creates a potential command injection surface if the agent does not properly sanitize these inputs before execution.
  • [EXTERNAL_DOWNLOADS]: The documentation encourages the installation of an external Python package, claude-skills[validation], which is not part of the standard library or a verified trusted organization list, to enable specific validation features.
  • [PROMPT_INJECTION]: The skill is designed to process and analyze content from external JSON specification files, which constitutes a surface for indirect prompt injection where malicious instructions embedded in the specs could attempt to influence agent behavior.
  • Ingestion points: Untrusted data is ingested from various spec file paths, including specs/pending/, specs/active/, and user-provided absolute paths.
  • Boundary markers: There are no explicit boundary markers or instructions to the agent to ignore embedded commands within the JSON data being processed.
  • Capability inventory: The skill utilizes subprocess calls to the sdd CLI tool for validation, fixing, reporting, and dependency analysis.
  • Sanitization: No evidence of sanitization or content validation is provided in the skill instructions to prevent the execution of malicious data found within the specs.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 10:15 AM