spec-forge-implement
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Analysis of the skill instructions and configuration files did not reveal any malicious patterns, prompt injections, or unauthorized data access techniques. The skill serves its stated purpose of managing a software implementation workflow.
- [COMMAND_EXECUTION]: The skill utilizes a set of predefined commands through the spec-forge-cli tool to manage project state and artifacts. These operations are restricted to the local filesystem and intended for development lifecycle management.
- [DATA_EXFILTRATION]: No network activity or patterns suggesting the unauthorized removal of data were detected. Operations are confined to the local project environment.
- [PROMPT_INJECTION]: The skill processes specification files from earlier workflow stages.
  - Ingestion points: Ingests data from synthesis/implementation-spec.yaml and gates/readiness.yaml as seen in SKILL.md.
  - Boundary markers: No explicit boundary markers or isolation instructions are present for the processed YAML data.
  - Capability inventory: The skill has the capability to write to and modify files in the target directory using spec-forge-cli artifact merge/put.
  - Sanitization: No explicit sanitization or validation of the input spec content is described beyond the CLI logic.
  - Assessment: The ingestion of untrusted data is a core function of the workflow, and no malicious exploitation patterns were identified during the analysis.
Audit Metadata