dev-planning
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows a strict document generation pipeline that requires user approval at every step (Review gates), preventing the agent from performing autonomous actions without oversight.
- [SAFE]: Data access is limited to reading project manifest files (e.g., package.json, pyproject.toml) and existing markdown documentation to understand project context. This behavior is consistent with the skill's stated purpose of development planning.
- [SAFE]: The skill does not attempt to access sensitive system files (such as SSH keys or cloud provider credentials), nor does it perform any network exfiltration or remote code execution.
- [SAFE]: Although the skill ingests existing repository documentation (README.md, CLAUDE.md, etc.), which could technically serve as a surface for indirect prompt injection, the risk is negligible due to the mandatory human-in-the-loop review process for all generated outputs.
  - Ingestion points: README.md, CLAUDE.md, and all .md files under docs/en/specifications/ and docs/en/policy/ (identified in Step 0.5).
  - Boundary markers: Not explicitly utilized in the instructions.
  - Capability inventory: Limited to file reading and file writing within the project documentation directory.
  - Sanitization: No explicit sanitization; the skill relies on the user to review and confirm all generated content.
Audit Metadata