The Agent Skills Directory

[SAFE]: The skill provides developer utilities for behavior-driven development (BDD) workflows. All analyzed scripts perform their stated functions of validation, visualization, and documentation using safe practices and standard libraries.
[COMMAND_EXECUTION]: The skill utilizes local Python scripts for processing YAML specifications and generating diagrams. These scripts are executed with specific arguments defined in the skill-manifest, minimizing the risk of arbitrary command injection. The use of ast for parsing Python and re for JS/TS ensures that code is analyzed structurally without being executed.
[PROMPT_INJECTION]: The skill has an ingestion surface for untrusted data as it parses external project files (source code and YAML specs). Ingestion points include scripts/generate_behavior.py and scripts/validate_spec.py. While no boundary markers are explicitly used in the scripts, the risk is mitigated because the processing is limited to structural analysis and validation against strict schemas, rather than direct interpolation into prompts for execution.

skill-system-behavior