
analyze-spec

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE

Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted input from local specification files (e.g., specs/*.md) and GitHub pull request comments retrieved via gh pr view. This creates an attack surface for indirect prompt injection, where malicious content in the spec or comments could attempt to subvert the agent's analysis or scoring logic. However, the skill's capabilities are limited to providing feedback and applying PR labels. No sanitization or boundary markers are present in the instruction set.
  • [COMMAND_EXECUTION]: The skill executes local commands using the GitHub CLI (gh) to view pull request details and apply the claude-spec-approved label. It also uses ls to list files in the specs/ directory. These actions are restricted to the intended purpose of automating specification reviews and do not expose the system to arbitrary command injection.
  • [EXTERNAL_DOWNLOADS]: The skill includes a reference to an official Anthropic service (https://claude.ai/code) to guide users toward implementing approved specifications. This link points to a well-known and trusted domain.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 02:55 PM