spec-forge-intake

Warn

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The instructions in SKILL.md frequently invoke a CLI tool named spec-forge-cli using parameters gathered directly from the user. For instance, the init and resolve commands use variables such as <target-dir>, <spec-id>, <request-title>, and <request-summary>. If the underlying platform does not strictly validate these fields (which are defined as strings and paths in agents/ux.yaml), an attacker could supply input containing shell metacharacters (e.g., ;, &, |) to execute arbitrary commands on the host system.
  • [EXTERNAL_DOWNLOADS]: The skill depends on an external executable, spec-forge-cli. While this tool appears to be part of the ByteLandTechnology ecosystem, its source, versioning, and integrity are not defined within the skill package; the skill therefore relies on external code that must already be present in the execution environment.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface: it collects open-ended text from the user and stores it in framing artifacts.
      • Ingestion points: User-provided fields such as problem_statement, problem_goal, and request_summary in agents/ux.yaml.
      • Boundary markers: No delimiters or instructions to ignore embedded commands are present when these values are written to request-context.yaml.
      • Capability inventory: The skill performs file writes and merges using the spec-forge-cli tool across all workflow steps.
      • Sanitization: The skill does not describe any validation or escaping of the user-provided text before it is persisted into the YAML artifacts, which may be processed by other automated agents in subsequent architectural stages.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 28, 2026, 09:29 AM
Security Audit — agent-trust-hub — spec-forge-intake