spec-forge-architecture

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE

Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on spec-forge-cli to perform operations such as resolving UX contracts, applying configuration changes, merging YAML artifacts, and managing stage gates. These commands are integral to the 'Spec Forge' workflow and are used to manage project specifications in the .spec-forge directory.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it ingests data from external YAML files.
      • Ingestion points: The skill reads request-context.yaml and role-map.yaml from the framing directory of a specific project.
      • Boundary markers: No explicit XML tags or delimiters are used to wrap the content of these files when they are processed by the agent.
      • Capability inventory: The skill has the capability to write and merge files via spec-forge-cli artifact merge and spec-forge-cli apply.
      • Sanitization: There is no evidence of input validation or sanitization performed on the content of the YAML artifacts before they are used to influence the agent's responses or are summarized for the user.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 09:28 AM