by-tech-plan

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed to assist in the creation of technical proposals, design documents, and architecture decision records (ADRs). It follows a structured template and uses project-specific files (like CONTEXT.md and ADRs) to ensure consistency and accuracy. While it requests access to code repositories and PRD documents, this behavior is directly aligned with its primary function and does not involve unauthorized data exfiltration or suspicious network activity.
  • [DATA_EXPOSURE]: The skill requests access to potentially sensitive project materials, including code repositories, database schemas, and internal documentation (e.g., PRDs, Feishu/Lark docs). This is a functional requirement for generating technical designs. No evidence of hardcoded credentials or unauthorized data transmission was found.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data such as PRD documents and source code provided via links or local context. This creates a surface for indirect prompt injection if those external sources contain malicious instructions. However, the skill does not have high-risk capabilities like arbitrary code execution that would significantly escalate this risk.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 07:44 AM