The Agent Skills Directory

[SAFE]: The skill is a purely instructional framework designed to help users identify potential failure modes in projects. It does not contain any executable scripts, binary files, or automated commands.
[DATA_EXPOSURE]: The skill uses Read and Write tools but limits their scope to documentation directories (docs/plans/**, docs/architecture/**, docs/threat-models/**). It does not attempt to access sensitive system paths, credentials, or environment variables.
[REMOTE_CODE_EXECUTION]: There are no network operations, external downloads, or package installations defined in the skill.
[INDIRECT_PROMPT_INJECTION]: Although the skill processes project documentation which could originate from untrusted sources, the risk is negligible as it applies a specific risk-assessment methodology rather than executing instructions contained within those files.
Ingestion points: Project plans and architecture documents in the docs/ folder.
Boundary markers: None explicitly defined in the skill instructions.
Capability inventory: Limited to file reading and writing within documentation paths.
Sanitization: Not applicable as the output is structured text analysis.

pre-mortem