doc-tspec-autopilot
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to perform file system lookups using shell commands like ls docs/10_TSPEC/TSPEC-{NN}_*/. The {NN} variable is derived from user input, which presents a potential command injection surface if the agent does not strictly validate the identifier before execution.
- [COMMAND_EXECUTION]: The workflow includes the execution of a project-internal Python script: python ai_dev_ssd_flow/scripts/update_traceability_matrix.py. This is used for automated metadata management and operates within the local environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it parses and processes external documentation (SPEC and TSPEC files) to drive its automation logic. Maliciously crafted instructions inside these input documents could potentially influence the agent's decision-making process or the content of generated artifacts.
- Ingestion points: Reads SPEC documents (Layer 9) and TSPEC documents (Layer 10) from the local file system.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are defined for the input documents.
- Capability inventory: Includes shell command execution (ls), script execution (python), and automated file generation/writing.
- Sanitization: No explicit sanitization or validation logic is defined for the content extracted from input documents.
Audit Metadata